Trojan.Gen.2

Zpráva

hael · #1 Příspěvek od **hael** » 22 led 2013 10:54

Dobrý den,

Symantec Endpoint Protection mi identifikuje tmp-soubory s uvedeným virem. Soubory vloží do karantény. Nicméně po čase tyto soubory vzniknou znovu. Pokoušel jsem se problém odstranit i utilitou Stinger od MCAfee. Zpočátku to vypadalo nadějně, ale po dvou dnech scanner od Symanteku opět identifikoval infikované tmp-soubory.

Prosím o radu, jak se toho trojana zbavit, zároveň přikládám log RSIT.
Díky

Logfile of random's system information tool 1.09 (written by random/random)
Run by janl at 2013-01-22 10:44:09
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 105 GB (69%) free of 152 GB
Total RAM: 3572 MB (60% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:44:13, on 22.1.2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Users\janl\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
C:\Program Files\Sparx Systems\EA\EA.exe
C:\Users\janl\Downloads\RSIT.exe
C:\Program Files\trend micro\janl.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: BS Player - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\prxtbBS_2.dll
O3 - Toolbar: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O3 - Toolbar: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\prxtbBS_2.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Dropbox.lnk = C:\Users\janl\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {B4CB8358-ABDB-47EE-BC2D-437B5DEBABCB} (AxMediaControl Control) - http://lickovi.no-ip.org/AxViewer/AxMediaControl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Web'n'walk Manager mobile equipment installation service (ameisvc) - Gemfor s.r.o. - C:\Program Files\T-Mobile\Web'n'walk Manager\ameisvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Aventail VPN Client (NgVpnMgr) - Aventail Corporation - C:\Windows\system32\ngvpnmgr.exe
O23 - Service: NVIDIA Performance Driver Service - Unknown owner - C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Aplikace Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Aplikace Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe

--
End of file - 11702 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\janl\AppData\Roaming\Mozilla\Firefox\Profiles\h9gibfmw.default

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.5.502.146 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37]
"Description"=
"Path"=C:\Windows\system32\npdeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=C:\Windows\system32\Wat\npWatWeb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
IICAClient.xpt

C:\Program Files\Mozilla Firefox\plugins\
CCMSDK.dll
cgpcfg.dll
CgpCore.dll
confmgr.dll
ctxlogging.dll
ctxmui.dll
ICAClObj.class
icafile.dll
icalogon.dll
npicaN.dll
nppdf32.dll
sslsdk_b.dll
TcpPServ.dll

C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23 60568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
Winamp Toolbar Loader - C:\Program Files\Winamp Toolbar\winamptb.dll [2012-11-26 2080376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2012-10-25 329712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2013-01-12 192144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-12-13 4527888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL [2010-12-21 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2012-10-25 59376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
BS Player Toolbar - C:\Program Files\BS_Player\prxtbBS_2.dll [2011-05-09 176936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431}
{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - BS Player Toolbar - C:\Program Files\BS_Player\prxtbBS_2.dll [2011-05-09 176936]
{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - Winamp Toolbar - C:\Program Files\Winamp Toolbar\winamptb.dll [2012-11-26 2080376]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2013-01-12 192144]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2009-07-08 115560]
"nwiz"=nwiz.exe /installquiet []
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2010-05-12 13838952]
"NVHotkey"=C:\Windows\system32\nvHotkey.dll [2010-05-12 92776]
"ConnectionCenter"=C:\Program Files\Citrix\ICA Client\concentr.exe [2010-10-12 304568]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-09-17 254896]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2012-06-28 74752]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-09-23 926896]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2012-11-08 39408]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2012-07-13 17418928]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
VPN Client.lnk - C:\Windows\Installer\{14FCFE7C-AB86-428A-9D2E-BFB6F5A7AA6E}\Icon3E5562ED7.ico

C:\Users\janl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Dropbox.lnk - C:\Users\janl\AppData\Roaming\Dropbox\bin\Dropbox.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antvirus]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ccEvtMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ccSetMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SmcService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Symantec Antivirus]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Symantec Antvirus]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
.scr - open - "%1" /S "%3"

======List of files/folders created in the last 1 month======

2013-01-22 10:14:51 ----D---- C:\Program Files\trend micro
2013-01-22 10:14:50 ----D---- C:\rsit
2013-01-20 09:58:54 ----D---- C:\Program Files\Mozilla Firefox
2013-01-18 19:20:57 ----D---- C:\Users\janl\AppData\Roaming\IsolatedStorage
2013-01-18 19:20:55 ----D---- C:\Users\janl\AppData\Roaming\BizAgi Ltd
2013-01-18 19:19:55 ----D---- C:\Program Files\BizAgi
2013-01-18 19:17:48 ----D---- C:\Program Files\GanttProject
2013-01-18 12:37:18 ----D---- C:\Program Files\stinger
2013-01-17 12:19:30 ----D---- C:\Users\janl\AppData\Roaming\Anvisoft
2013-01-17 12:19:07 ----D---- C:\ProgramData\Anvisoft
2013-01-17 12:01:31 ----A---- C:\Windows\system32\drivers\Cat.DB
2013-01-17 12:01:10 ----D---- C:\Program Files\PC Tools
2013-01-17 11:56:11 ----AD---- C:\ProgramData\TEMP
2013-01-17 11:56:10 ----D---- C:\ProgramData\PC Tools
2013-01-17 11:56:08 ----D---- C:\Users\janl\AppData\Roaming\TestApp
2013-01-14 17:38:29 ----D---- C:\Program Files\Toucan
2013-01-12 09:37:11 ----A---- C:\Windows\system32\FlashPlayerInstaller.exe
2013-01-11 10:34:58 ----D---- C:\Program Files\Mozilla Firefox.bak
2013-01-10 10:23:58 ----A---- C:\Windows\system32\usp10.dll
2013-01-10 10:23:51 ----A---- C:\Windows\system32\win32k.sys
2013-01-10 10:23:48 ----A---- C:\Windows\system32\win32spl.dll
2013-01-10 10:22:37 ----A---- C:\Windows\system32\msxml6.dll
2013-01-10 10:22:00 ----A---- C:\Windows\system32\KernelBase.dll
2013-01-10 10:21:58 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-01-10 10:21:58 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-01-10 10:21:58 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-01-10 10:21:58 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-01-10 10:21:58 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-01-10 10:21:58 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-01-10 10:21:58 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-01-10 10:21:58 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-01-10 10:21:58 ----A---- C:\Windows\system32\winsrv.dll
2013-01-10 10:21:58 ----A---- C:\Windows\system32\kernel32.dll
2013-01-10 10:21:58 ----A---- C:\Windows\system32\conhost.exe
2013-01-10 10:21:57 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-01-10 10:21:57 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-01-10 10:21:57 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-01-10 10:21:57 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-01-10 10:21:57 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-01-10 10:21:57 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-01-10 10:21:57 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-01-10 10:21:57 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-01-10 10:21:57 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-01-10 10:21:57 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-01-10 10:21:57 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-01-10 10:21:57 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-01-10 10:21:57 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-01-10 10:21:57 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-01-10 10:21:57 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-01-10 10:21:57 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-01-10 10:21:57 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-01-10 10:21:57 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-01-10 10:21:56 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-01-10 10:21:56 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-01-10 10:20:34 ----A---- C:\Windows\system32\Wpc.dll
2013-01-10 10:20:34 ----A---- C:\Windows\system32\gameux.dll
2013-01-10 10:20:11 ----A---- C:\Windows\system32\ncrypt.dll
2013-01-10 10:20:10 ----A---- C:\Windows\system32\taskhost.exe
2013-01-06 12:40:54 ----D---- C:\Program Files\IZArc
2013-01-06 12:33:43 ----D---- C:\Program Files\Common Files\Adobe
2013-01-06 12:33:43 ----D---- C:\Program Files\Adobe
2013-01-03 17:39:03 ----D---- C:\Users\janl\AppData\Roaming\PDF Writer
2013-01-03 17:39:03 ----D---- C:\ProgramData\PDF Writer
2013-01-03 17:39:03 ----D---- C:\Program Files\Common Files\Bullzip
2013-01-03 17:39:03 ----A---- C:\Windows\system32\bzFlRdr.dll
2013-01-03 17:39:03 ----A---- C:\Windows\system32\bzDCT.dll
2013-01-03 17:39:02 ----A---- C:\Windows\system32\bzpdfc.dll
2013-01-03 17:39:00 ----A---- C:\Windows\system32\bzpdf.dll
2013-01-03 17:38:56 ----D---- C:\Program Files\Bullzip
2013-01-03 17:32:36 ----A---- C:\Windows\Wiainst.exe
2013-01-03 17:31:03 ----A---- C:\Windows\system32\SaSegFlt.dll
2013-01-03 17:31:03 ----A---- C:\Windows\system32\SaMinDrv.dll
2013-01-03 17:31:03 ----A---- C:\Windows\system32\SaImgFlt.dll
2013-01-03 17:31:03 ----A---- C:\Windows\system32\SaErHdlr.dll
2013-01-03 17:31:02 ----A---- C:\Windows\system32\sdf1ml3.dll
2013-01-03 17:31:01 ----A---- C:\Windows\system32\dp2335ci.exe
2013-01-03 17:31:01 ----A---- C:\Windows\system32\dp2335ci.dll
2013-01-03 17:31:00 ----A---- C:\Windows\system32\sdf1mci.exe
2013-01-03 17:31:00 ----A---- C:\Windows\system32\sdf1mci.dll
2013-01-03 17:29:34 ----N---- C:\Windows\system32\ssusbpn.dll
2013-01-03 17:29:34 ----N---- C:\Windows\system32\ssdevm.dll
2013-01-03 17:29:34 ----N---- C:\Windows\system32\drivers\ssport.sys
2013-01-03 17:29:34 ----D---- C:\Program Files\DELL
2012-12-30 00:07:25 ----D---- C:\install
2012-12-29 21:54:50 ----A---- C:\Windows\TRNCOM.INI
2012-12-29 20:45:09 ----D---- C:\Program Files\MWSnap
2012-12-29 20:42:22 ----D---- C:\Users\janl\AppData\Roaming\GHISLER
2012-12-29 20:42:22 ----D---- C:\totalcmd
2012-12-29 20:42:22 ----A---- C:\Windows\UC.PIF
2012-12-29 20:42:22 ----A---- C:\Windows\RAR.PIF
2012-12-29 20:42:22 ----A---- C:\Windows\PKZIP.PIF
2012-12-29 20:42:22 ----A---- C:\Windows\PKUNZIP.PIF
2012-12-29 20:42:22 ----A---- C:\Windows\NOCLOSE.PIF
2012-12-29 20:42:22 ----A---- C:\Windows\LHA.PIF
2012-12-29 20:42:22 ----A---- C:\Windows\ARJ.PIF
2012-12-29 20:29:07 ----D---- C:\Users\janl\AppData\Roaming\Dropbox
2012-12-29 20:24:37 ----D---- C:\Users\janl\AppData\Roaming\Skype
2012-12-29 15:59:49 ----D---- C:\Program Files\OpenVPN
2012-12-29 15:46:16 ----D---- C:\Users\janl\AppData\Roaming\Sparx Systems
2012-12-29 15:45:26 ----D---- C:\Program Files\Sparx Systems
2012-12-29 15:44:20 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2012-12-29 15:42:48 ----D---- C:\Users\janl\AppData\Roaming\Pencil
2012-12-29 15:42:25 ----D---- C:\Program Files\Evolus
2012-12-23 10:56:12 ----D---- C:\Program Files\Defraggler
2012-12-23 10:48:25 ----D---- C:\Users\janl\AppData\Roaming\Auslogics
2012-12-23 10:47:06 ----D---- C:\Users\janl\AppData\Roaming\Macromedia
2012-12-23 10:45:55 ----D---- C:\Users\janl\AppData\Roaming\Mozilla
2012-12-23 10:40:34 ----D---- C:\Users\janl\AppData\Roaming\Google
2012-12-23 10:26:08 ----D---- C:\Users\janl\AppData\Roaming\Adobe
2012-12-23 10:23:25 ----D---- C:\Users\janl\AppData\Roaming\ISIS Drivers
2012-12-23 10:14:21 ----A---- C:\Windows\system32\atmlib.dll
2012-12-23 10:14:21 ----A---- C:\Windows\system32\atmfd.dll
2012-12-23 10:09:59 ----D---- C:\Users\janl\AppData\Roaming\ICAClient
2012-12-23 10:09:42 ----D---- C:\Users\janl\AppData\Roaming\Identities
2012-12-23 10:09:27 ----SD---- C:\Users\janl\AppData\Roaming\Microsoft
2012-12-23 10:09:27 ----D---- C:\Users\janl\AppData\Roaming\Media Center Programs
2012-12-23 09:39:45 ----D---- C:\Program Files\CCleaner

======List of files/folders modified in the last 1 month======

2013-01-22 10:15:02 ----D---- C:\Windows\Prefetch
2013-01-22 10:14:51 ----RD---- C:\Program Files
2013-01-22 10:14:51 ----D---- C:\Windows\tracing
2013-01-22 10:14:27 ----D---- C:\TEMP
2013-01-22 09:41:33 ----D---- C:\Windows\system32\config
2013-01-22 09:27:29 ----D---- C:\Program Files\Mozilla Maintenance Service
2013-01-21 10:06:28 ----D---- C:\Windows\System32
2013-01-19 14:05:23 ----D---- C:\Windows\system32\drivers
2013-01-19 14:01:34 ----SHD---- C:\System Volume Information
2013-01-19 13:47:59 ----D---- C:\Windows
2013-01-19 10:16:28 ----D---- C:\Windows\inf
2013-01-19 10:16:28 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-01-18 19:20:02 ----SHD---- C:\Windows\Installer
2013-01-18 19:20:02 ----HD---- C:\Program Files\InstallShield Installation Information
2013-01-17 12:19:07 ----HD---- C:\ProgramData
2013-01-17 12:16:45 ----D---- C:\Program Files\Common Files
2013-01-17 12:01:26 ----D---- C:\Windows\Temp
2013-01-12 15:37:17 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2013-01-11 13:34:40 ----D---- C:\Windows\rescache
2013-01-11 09:37:07 ----RSD---- C:\Windows\assembly
2013-01-11 09:37:07 ----D---- C:\Windows\Microsoft.NET
2013-01-11 09:24:35 ----D---- C:\Windows\winsxs
2013-01-11 09:24:16 ----D---- C:\Windows\system32\catroot2
2013-01-11 09:21:37 ----D---- C:\Windows\system32\cs-CZ
2013-01-10 19:31:23 ----D---- C:\ProgramData\Microsoft Help
2013-01-10 19:28:52 ----D---- C:\Windows\debug
2013-01-10 19:28:48 ----A---- C:\Windows\system32\MRT.exe
2013-01-10 10:20:05 ----D---- C:\Windows\system32\catroot
2013-01-06 12:33:44 ----D---- C:\ProgramData\Adobe
2013-01-04 09:32:32 ----RD---- C:\Users
2013-01-03 17:32:32 ----D---- C:\Windows\system32\DriverStore
2013-01-03 17:32:16 ----D---- C:\Windows\twain_32
2012-12-29 21:54:50 ----A---- C:\Windows\MAILTRAN.INI
2012-12-29 20:24:36 ----D---- C:\ProgramData\Skype
2012-12-23 10:41:27 ----D---- C:\Program Files\BS_Player
2012-12-23 10:34:56 ----D---- C:\Windows\Panther
2012-12-23 10:34:56 ----D---- C:\Windows\Minidump
2012-12-23 10:34:56 ----D---- C:\Windows\Logs
2012-12-23 10:09:38 ----SHD---- C:\$Recycle.Bin
2012-12-23 09:39:52 ----D---- C:\Windows\system32\Tasks
2012-12-23 09:31:12 ----D---- C:\ProgramData\KASTNER software
2012-12-23 09:28:22 ----RSD---- C:\Windows\Fonts
2012-12-23 09:21:33 ----D---- C:\ProgramData\Open Text
2012-12-23 09:18:25 ----D---- C:\ProgramData\Captaris

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 175360]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 388096]
R1 ctxusbm;Citrix USB Monitor Driver; C:\Windows\system32\DRIVERS\ctxusbm.sys [2010-07-14 65584]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [2012-08-08 376480]
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [2009-08-26 421424]
R1 SRTSP;SRTSP; C:\Windows\System32\Drivers\SRTSP.SYS [2009-08-25 281648]
R1 SRTSPX;SRTSPX; C:\Windows\System32\Drivers\SRTSPX.SYS [2009-08-25 43696]
R1 SYMTDI;SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [2009-09-03 188080]
R1 vpcnfltr;Virtual PC Network Filter Driver; C:\Windows\system32\DRIVERS\vpcnfltr.sys [2010-11-20 48128]
R1 vpcvmm;@%SystemRoot%\system32\drivers\vpcvmm.sys,-100; C:\Windows\system32\drivers\vpcvmm.sys [2010-11-20 296064]
R2 CVPNDRVA;Cisco Systems Inc. IPSec Driver; \??\C:\Windows\system32\Drivers\CVPNDRVA.sys [2007-07-16 306299]
R2 Ethpdrv;Ethernet Packet Driver; C:\Windows\system32\DRIVERS\ethpdrv.sys [2007-08-01 16376]
R3 DNE;Deterministic Network Enhancer Miniport; C:\Windows\system32\DRIVERS\dne2000.sys [2007-01-31 127376]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2012-11-13 242240]
R3 e1yexpress;Ovladač gigabitových síťových připojení Intel(R); C:\Windows\system32\DRIVERS\e1y6032.sys [2009-07-13 214016]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-08 106656]
R3 huawei_enumerator;huawei_enumerator; C:\Windows\system32\DRIVERS\ew_jubusenum.sys [2011-09-09 73984]
R3 NAVENG;NAVENG; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20130121.019\NAVENG.SYS [2013-01-15 93296]
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20130121.019\NAVEX15.SYS [2013-01-15 1603824]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series – ovladač adaptéru pro 32bitový systém Windows Vista; C:\Windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 NgLog;Aventail VPN Logging; C:\Windows\system32\DRIVERS\nglog.sys [2011-05-18 27208]
R3 NgVpn;Aventail VPN Adapter; C:\Windows\system32\DRIVERS\ngvpn.sys [2011-05-18 81480]
R3 NgWfp;Aventail VPN Callout; C:\Windows\system32\DRIVERS\ngwfp.sys [2011-05-18 25160]
R3 sdbus;sdbus; C:\Windows\system32\drivers\sdbus.sys [2010-11-20 84992]
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2010-07-02 124976]
R3 SYMREDRV;SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [2009-09-03 26416]
R3 tap0901;TAP-Win32 Adapter V9; C:\Windows\system32\DRIVERS\tap0901.sys [2011-12-15 26624]
R3 vpcbus;Služba hostitelské sběrnice programu Virtual PC; C:\Windows\system32\DRIVERS\vpchbus.sys [2010-11-20 172416]
R3 vpcusb;Služba konektoru virtualizace rozhraní USB; C:\Windows\system32\DRIVERS\vpcusb.sys [2010-11-20 78336]
R3 WinUsb;Ovladač WinUSB; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 35968]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;Ovladač filtru AMD portu AGP; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 CVirtA;Cisco Systems VPN Adapter; C:\Windows\system32\DRIVERS\CVirtA.sys [2007-01-18 5275]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device; C:\Windows\system32\DRIVERS\ew_hwusbdev.sys [2010-07-27 102784]
S3 ew_usbenumfilter;huawei_CompositeFilter; C:\Windows\system32\DRIVERS\ew_usbenumfilter.sys [2010-03-20 11136]
S3 huawei_cdcacm;huawei_cdcacm; C:\Windows\system32\DRIVERS\ew_jucdcacm.sys [2011-09-09 89856]
S3 huawei_ext_ctrl;huawei_ext_ctrl; C:\Windows\system32\DRIVERS\ew_juextctrl.sys [2011-09-09 26624]
S3 huawei_wwanecm;huawei_wwanecm; C:\Windows\system32\DRIVERS\ew_juwwanecm.sys [2011-09-09 186880]
S3 IpwP;IPWireless 3G Network Adapter; C:\Windows\system32\DRIVERS\ipw3gnet.sys [2008-03-27 51040]
S3 massfilter;Mass Storage Filter Driver; C:\Windows\system32\drivers\massfilter.sys [2010-02-22 9216]
S3 NgFilter;Aventail VPN Filter; C:\Windows\system32\DRIVERS\ngfilter.sys [2011-05-18 23112]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 133632]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 5632]
S3 sisagp;Filtr SIS sběrnice AGP; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 SRTSPL;SRTSPL; C:\Windows\System32\Drivers\SRTSPL.SYS [2009-08-25 320560]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 28032]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys []
S3 viaagp;Filtr VIA sběrnice AGP; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 17920]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-09-23 65192]
R2 ameisvc;Web'n'walk Manager mobile equipment installation service; C:\Program Files\T-Mobile\Web'n'walk Manager\ameisvc.exe [2011-06-24 123120]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2009-07-08 108392]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2009-07-08 108392]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 CVPND;Cisco Systems, Inc. VPN Service; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [2007-07-16 1524512]
R2 NgVpnMgr;Aventail VPN Client; C:\Windows\system32\ngvpnmgr.exe [2011-05-18 290472]
R2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service; C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [2009-12-08 5241448]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2010-05-12 219752]
R2 Skype C2C Service;Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-12-13 3290896]
R2 SmcService;Aplikace Symantec Management Client; C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe [2009-09-17 1864888]
R2 Symantec AntiVirus;Aplikace Symantec Endpoint Protection; C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2009-09-17 2477304]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-07-02 135664]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2012-07-13 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-12 251400]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-10-27 651720]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-07-02 135664]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-11-08 194032]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2009-08-18 3093880]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2013-01-20 115608]
S3 OpenVPNService;OpenVPN Service; C:\Program Files\OpenVPN\bin\openvpnserv.exe [2011-12-15 14848]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-07-02 1343400]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 SNAC;Aplikace Symantec Network Access Control ; C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE [2009-09-17 341320]

-----------------EOF-----------------

#2 Příspěvek od **vyosek** » 22 led 2013 17:04

Zdravim

Stahnete RKill http://download.bleepingcomputer.com/grinler/rkill.com

Pokud ho havet blokuje, pouzijte jeden z nasledujicich - i ty prejmenovane
Rkill EXE:
http://download.bleepingcomputer.com/grinler/rkill.exe

Rkill iExplore.exe:
http://download.bleepingcomputer.com/gr ... xplore.exe

Rkill uSeRiNiT.exe:
http://download.bleepingcomputer.com/gr ... eRiNiT.exe

Rkill WiNlOgOn.exe:
http://download.bleepingcomputer.com/gr ... NlOgOn.exe
Ulozte nejlepena plochu a ukoncete vsechny aplikace (jinak to udela RKill za Vas)
Spustte tradicne dvojklikem - program probehne do par sekund a ukonci i svou cinnost
RKill ukonci vsechny ne-systemove procesy - tedy i procesy, pod kterymi bezi havet
Na plose vznikne log Rkill.txt ten mi sem vlozte
Ted nerestartujte PC - prisli byste o ucinek RKillu

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK

Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
Pokud mate Win XP spustte pod uctem Spravce\Administratora
Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

hael · #3 Příspěvek od **hael** » 23 led 2013 11:36

Dobrý den,

posílám log z Rkillu:

Rkill 2.4.6 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 01/23/2013 11:34:51 AM in x86 mode.
Windows Version: Windows 7 Professional Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Active Proxy Server Detected

* Proxy Disabled.
* ProxyOverride value deleted.
* ProxyServer value deleted.
* AutoConfigURL value deleted.
* Proxy settings were backed up to Registry file.

Checking Registry for malware related settings:

* No issues found in the Registry.

Backup Registry file created at:
C:\Users\janl\Desktop\rkill\rkill-01-23-2013-11-34-56.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

* Windows Defender (WinDefend) is not Running.
Startup Type set to: Manual

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

10.193.44.10 othknlh1.t-ddm.biz

Program finished at: 01/23/2013 11:35:04 AM
Execution time: 0 hours(s), 0 minute(s), and 13 seconds(s)

#4 Příspěvek od **vyosek** » 23 led 2013 11:58

OK, pockam si na ComboFix

hael · #5 Příspěvek od **hael** » 23 led 2013 11:59

A konečně i log z Combofixu:

ComboFix 13-01-23.01 - janl 23.01.2013 11:51:52.1.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1029.18.3572.1902 [GMT 1:00]
Running from: c:\users\janl\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-12-23 to 2013-01-23 )))))))))))))))))))))))))))))))
.
.
2013-01-23 10:56 . 2013-01-23 10:56 -------- d-----w- c:\users\janl\AppData\Local\temp
2013-01-23 10:56 . 2013-01-23 10:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-23 10:56 . 2013-01-23 10:56 -------- d-----w- c:\users\administrator\AppData\Local\temp
2013-01-22 12:49 . 2013-01-22 12:49 -------- d-----w- c:\users\janl\AppData\Local\MGSuite
2013-01-22 09:14 . 2013-01-22 09:44 -------- d-----w- c:\program files\trend micro
2013-01-22 09:14 . 2013-01-22 09:15 -------- d-----w- C:\rsit
2013-01-18 18:20 . 2013-01-18 18:20 -------- d-----w- c:\users\janl\AppData\Local\IsolatedStorage
2013-01-18 18:20 . 2013-01-18 18:20 -------- d-----w- c:\users\janl\AppData\Roaming\IsolatedStorage
2013-01-18 18:20 . 2013-01-18 18:20 -------- d-----w- c:\users\janl\AppData\Local\BizAgi_Ltd
2013-01-18 18:20 . 2013-01-18 18:20 -------- d-----w- c:\users\janl\AppData\Local\BizAgi Ltd
2013-01-18 18:20 . 2013-01-18 18:20 -------- d-----w- c:\users\janl\AppData\Roaming\BizAgi Ltd
2013-01-18 18:19 . 2013-01-18 18:19 -------- d-----w- c:\program files\BizAgi
2013-01-18 18:18 . 2013-01-18 18:18 -------- d-----w- c:\users\janl\AppData\Local\Downloaded Installations
2013-01-18 18:17 . 2013-01-18 18:17 -------- d-----w- c:\program files\GanttProject
2013-01-18 11:37 . 2013-01-19 17:17 -------- d-----w- c:\program files\stinger
2013-01-17 11:19 . 2013-01-17 13:44 -------- d-----w- c:\users\janl\AppData\Roaming\Anvisoft
2013-01-17 11:19 . 2013-01-17 11:19 -------- d-----w- c:\programdata\Anvisoft
2013-01-17 11:01 . 2013-01-17 11:01 -------- d-----w- c:\program files\PC Tools
2013-01-17 10:56 . 2013-01-17 11:15 -------- d-----w- c:\programdata\PC Tools
2013-01-17 10:56 . 2013-01-17 10:56 -------- d-----w- c:\users\janl\AppData\Roaming\TestApp
2013-01-14 16:38 . 2013-01-14 16:38 -------- d-----w- c:\program files\Toucan
2013-01-12 08:37 . 2013-01-12 14:37 16369160 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2013-01-10 09:23 . 2012-11-22 04:45 626688 ----a-w- c:\windows\system32\usp10.dll
2013-01-10 09:23 . 2012-11-23 02:56 2345984 ----a-w- c:\windows\system32\win32k.sys
2013-01-10 09:23 . 2012-11-09 04:43 492032 ----a-w- c:\windows\system32\win32spl.dll
2013-01-10 09:22 . 2012-11-01 04:47 1389568 ----a-w- c:\windows\system32\msxml6.dll
2013-01-10 09:22 . 2012-11-30 04:47 293376 ----a-w- c:\windows\system32\KernelBase.dll
2013-01-10 09:20 . 2012-12-07 10:46 43520 ----a-w- c:\windows\system32\csrr.rs
2013-01-06 11:40 . 2013-01-06 11:40 -------- d-----w- c:\program files\IZArc
2013-01-06 11:33 . 2013-01-06 11:33 -------- d-----w- c:\program files\Common Files\Adobe
2013-01-04 08:32 . 2013-01-04 08:32 -------- d-----w- c:\users\SYSTEM
2013-01-03 16:40 . 2013-01-03 16:40 -------- d-----w- c:\users\janl\AppData\Local\PDF Writer
2013-01-03 16:39 . 2009-07-14 01:15 90624 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\HPZPPWN7.DLL
2013-01-03 16:39 . 2013-01-03 16:39 -------- d-----w- c:\users\janl\AppData\Local\Programs
2013-01-03 16:39 . 2013-01-03 16:39 -------- d-----w- c:\users\janl\AppData\Roaming\PDF Writer
2013-01-03 16:39 . 2013-01-03 16:39 -------- d-----w- c:\programdata\PDF Writer
2013-01-03 16:39 . 2013-01-03 16:39 -------- d-----w- c:\program files\Common Files\Bullzip
2013-01-03 16:39 . 2008-10-30 13:02 227840 ----a-w- c:\windows\system32\bzFlRdr.dll
2013-01-03 16:39 . 2008-07-09 13:02 103424 ----a-w- c:\windows\system32\bzDCT.dll
2013-01-03 16:39 . 2012-10-09 13:02 139264 ----a-w- c:\windows\system32\bzpdfc.dll
2013-01-03 16:39 . 2012-10-09 13:02 200192 ----a-w- c:\windows\system32\bzpdf.dll
2013-01-03 16:38 . 2013-01-03 16:38 -------- d-----w- c:\program files\Bullzip
2013-01-03 16:32 . 2013-01-03 16:29 116032 ----a-w- c:\windows\Wiainst.exe
2013-01-03 16:31 . 2013-01-03 16:29 19968 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\sdf1mpc.dll
2013-01-03 16:31 . 2013-01-03 16:29 90112 ----a-w- c:\windows\system32\SaSegFlt.dll
2013-01-03 16:31 . 2013-01-03 16:29 61440 ----a-w- c:\windows\system32\SaErHdlr.dll
2013-01-03 16:31 . 2013-01-03 16:29 282624 ----a-w- c:\windows\system32\SaMinDrv.dll
2013-01-03 16:31 . 2013-01-03 16:29 106496 ----a-w- c:\windows\system32\SaImgFlt.dll
2013-01-03 16:31 . 2013-01-03 16:29 22723 ----a-w- c:\windows\system32\sdf1ml3.dll
2013-01-03 16:31 . 2013-01-03 16:29 65536 ----a-w- c:\windows\system32\dp2335ci.dll
2013-01-03 16:31 . 2013-01-03 16:29 151552 ----a-w- c:\windows\system32\dp2335ci.exe
2013-01-03 16:31 . 2013-01-03 16:29 65536 ----a-w- c:\windows\system32\sdf1mci.dll
2013-01-03 16:31 . 2013-01-03 16:29 151552 ----a-w- c:\windows\system32\sdf1mci.exe
2013-01-03 16:29 . 2013-01-03 16:29 -------- d-----w- c:\program files\DELL
2013-01-03 16:29 . 2013-01-03 16:29 65536 ------w- c:\windows\system32\ssdevm.dll
2013-01-03 16:29 . 2013-01-03 16:29 5120 ------w- c:\windows\system32\drivers\ssport.sys
2013-01-03 16:29 . 2013-01-03 16:29 49152 ------w- c:\windows\system32\ssusbpn.dll
2012-12-29 23:07 . 2013-01-03 16:34 -------- d-----w- C:\install
2012-12-29 22:44 . 2012-12-29 23:43 -------- d-----w- c:\users\janl\HOME
2012-12-29 21:10 . 2013-01-23 10:54 -------- d-----w- c:\users\janl\TMP
2012-12-29 19:45 . 2012-12-29 19:45 -------- d-----w- c:\program files\MWSnap
2012-12-29 19:44 . 2012-12-29 19:44 -------- d-----w- c:\users\janl\AppData\Local\GHISLER
2012-12-29 19:42 . 2012-12-29 19:44 -------- d-----w- C:\totalcmd
2012-12-29 19:42 . 2012-12-29 19:42 -------- d-----w- c:\users\janl\AppData\Roaming\GHISLER
2012-12-29 19:42 . 2007-09-14 06:02 545 ----a-w- c:\windows\UC.PIF
2012-12-29 19:42 . 2007-09-14 06:02 545 ----a-w- c:\windows\RAR.PIF
2012-12-29 19:42 . 2007-09-14 06:02 545 ----a-w- c:\windows\PKZIP.PIF
2012-12-29 19:42 . 2007-09-14 06:02 545 ----a-w- c:\windows\PKUNZIP.PIF
2012-12-29 19:42 . 2007-09-14 06:02 545 ----a-w- c:\windows\NOCLOSE.PIF
2012-12-29 19:42 . 2007-09-14 06:02 545 ----a-w- c:\windows\LHA.PIF
2012-12-29 19:42 . 2007-09-14 06:02 545 ----a-w- c:\windows\ARJ.PIF
2012-12-29 19:39 . 2013-01-23 08:54 -------- d-----r- c:\users\janl\Dropbox
2012-12-29 19:29 . 2013-01-23 10:42 -------- d-----w- c:\users\janl\AppData\Roaming\Dropbox
2012-12-29 19:24 . 2013-01-23 10:55 -------- d-----w- c:\users\janl\AppData\Roaming\Skype
2012-12-29 14:59 . 2012-12-29 15:00 -------- d-----w- c:\program files\OpenVPN
2012-12-29 14:46 . 2012-12-29 19:07 -------- d-----w- c:\users\janl\AppData\Roaming\Sparx Systems
2012-12-29 14:45 . 2012-12-29 14:45 -------- d-----w- c:\program files\Sparx Systems
2012-12-29 14:44 . 2012-12-29 14:44 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2012-12-29 14:42 . 2012-12-29 14:42 -------- d-----w- c:\users\janl\AppData\Roaming\Pencil
2012-12-29 14:42 . 2012-12-29 14:42 -------- d-----w- c:\users\janl\AppData\Local\Pencil
2012-12-29 14:42 . 2012-12-29 14:42 -------- d-----w- c:\program files\Evolus
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-12 14:37 . 2012-04-14 11:40 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-12 14:37 . 2011-05-23 16:52 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-16 14:13 . 2012-12-23 09:14 295424 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-23 09:14 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-11-14 02:09 . 2012-12-13 07:42 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 01:58 . 2012-12-13 07:42 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 01:57 . 2012-12-13 07:42 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 01:49 . 2012-12-13 07:42 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 01:48 . 2012-12-13 07:42 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 01:44 . 2012-12-13 07:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-13 11:19 . 2012-11-13 11:19 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-11-09 04:42 . 2012-12-12 14:13 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-02 05:11 . 2012-12-12 14:16 376832 ----a-w- c:\windows\system32\dpnet.dll
2010-10-12 14:33 . 2013-01-20 08:58 124344 ----a-w- c:\program files\mozilla firefox\plugins\CCMSDK.dll
2010-10-12 16:15 . 2013-01-20 08:58 13240 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2010-10-12 14:37 . 2013-01-20 08:58 70592 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2010-10-12 14:35 . 2013-01-20 08:58 91576 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2010-10-12 14:34 . 2013-01-20 08:58 22464 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2010-10-12 14:32 . 2013-01-20 08:58 255416 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2010-10-12 14:35 . 2013-01-20 08:58 31672 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2010-10-12 14:34 . 2013-01-20 08:58 40384 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2010-07-14 10:42 . 2013-01-20 08:58 898480 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2010-10-12 14:37 . 2013-01-20 08:58 24000 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
2013-01-20 08:59 . 2013-01-20 08:58 262552 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
2011-05-09 09:49 176936 ----a-w- c:\program files\BS_Player\prxtbBS_2.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\prxtbBS_2.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}"= "c:\program files\BS_Player\prxtbBS_2.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\janl\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\janl\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\janl\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\janl\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-11-08 39408]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-07-08 115560]
"nwiz"="nwiz.exe" [2010-05-05 1657448]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-05-12 13838952]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2010-05-12 92776]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2010-10-12 304568]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2012-06-28 74752]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-23 926896]
.
c:\users\janl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\janl\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-12-29 28539392]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
VPN Client.lnk - c:\windows\Installer\{14FCFE7C-AB86-428A-9D2E-BFB6F5A7AA6E}\Icon3E5562ED7.ico [2010-8-10 6144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys [x]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys [x]
R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys [x]
R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys [x]
R3 IpwP;IPWireless 3G Network Adapter;c:\windows\system32\DRIVERS\ipw3gnet.sys [x]
R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
R3 NgFilter;Aventail VPN Filter;c:\windows\system32\DRIVERS\ngfilter.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [x]
S2 ameisvc;Web'n'walk Manager mobile equipment installation service;c:\program files\T-Mobile\Web'n'walk Manager\ameisvc.exe [x]
S2 Ethpdrv;Ethernet Packet Driver;c:\windows\system32\DRIVERS\ethpdrv.sys [x]
S2 NgVpnMgr;Aventail VPN Client;c:\windows\system32\ngvpnmgr.exe [x]
S2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;c:\program files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [x]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S3 e1yexpress;Ovladac gigabitových sítových pripojení Intel(R);c:\windows\system32\DRIVERS\e1y6032.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series – ovladac adaptéru pro 32bitový systém Windows Vista;c:\windows\system32\DRIVERS\netw5v32.sys [x]
S3 NgLog;Aventail VPN Logging;c:\windows\system32\DRIVERS\nglog.sys [x]
S3 NgVpn;Aventail VPN Adapter;c:\windows\system32\DRIVERS\ngvpn.sys [x]
S3 NgWfp;Aventail VPN Callout;c:\windows\system32\DRIVERS\ngwfp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-15 14:02 1606760 ----a-w- c:\program files\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 14:37]
.
2013-01-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-02 14:56]
.
2013-01-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-02 14:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.26
DPF: {B4CB8358-ABDB-47EE-BC2D-437B5DEBABCB} - hxxp://lickovi.no-ip.org/AxViewer/AxMediaControl.cab
FF - ProfilePath - c:\users\janl\AppData\Roaming\Mozilla\Firefox\Profiles\h9gibfmw.default\
FF - prefs.js: network.proxy.ftp - 192.168.1.20
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.http - 192.168.1.20
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - 192.168.1.20
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - 192.168.1.20
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 1
FF - ExtSQL: 2012-12-23 10:40; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-Symantec Antvirus
AddRemove-Šetric Cimrman 1 - c:\program files\Šetric Cimrman 1\Šetric Cimrman 1.scr
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(2284)
c:\users\janl\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
Completion time: 2013-01-23 11:58:38
ComboFix-quarantined-files.txt 2013-01-23 10:58
.
Pre-Run: Volných bajtu: 109 709 303 808
Post-Run: Volných bajtu: 109 676 945 408
.
- - End Of File - - 79F99A3F79ED64DFA46F54CA6B3C8A3E

#6 Příspěvek od **vyosek** » 23 led 2013 12:08

Nez projdu log, uploadnete mi tento soubor C:\Users\janl\Desktop\rkill\rkill-01-23-2013-11-34-56.reg na LP http://leteckaposta.cz/

hael · #7 Příspěvek od **hael** » 23 led 2013 12:20

Posílám odkaz na soubor:

http://leteckaposta.cz/665256035

#8 Příspěvek od **vyosek** » 23 led 2013 12:23

Poprosim jeste o DDS http://forum.viry.cz/viewtopic.php?f=13&t=125171

hael · #9 Příspěvek od **hael** » 23 led 2013 12:32

Posílám ještě log z DDS:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 1.6.0_37
Run by janl at 12:30:45 on 2013-01-23
Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1029.18.3572.1850 [GMT 1:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\ngvpnmgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\T-Mobile\Web'n'walk Manager\ameisvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Windows\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\Sparx Systems\EA\EA.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k regsvc
C:\Windows\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mURLSearchHooks: BS Player Toolbar: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - c:\program files\bs_player\prxtbBS_2.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Winamp Toolbar Loader: {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - c:\program files\winamp toolbar\winamptb.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: BS Player Toolbar: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - c:\program files\bs_player\prxtbBS_2.dll
TB: Winamp Toolbar: {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - c:\program files\winamp toolbar\winamptb.dll
TB: BS Player Toolbar: {FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} - c:\program files\bs_player\prxtbBS_2.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: BS Player Toolbar: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - c:\program files\bs_player\prxtbBS_2.dll
TB: Winamp Toolbar: {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - c:\program files\winamp toolbar\winamptb.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\users\janl\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\janl\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{14fcfe7c-ab86-428a-9d2e-bfb6f5a7aa6e}\Icon3E5562ED7.ico
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\micros~1\office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\micros~1\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {B4CB8358-ABDB-47EE-BC2D-437B5DEBABCB} - hxxp://lickovi.no-ip.org/AxViewer/AxMediaControl.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.26
TCP: Interfaces\{58178713-54A7-42EB-B700-FD0C4AD722B8} : DHCPNameServer = 192.168.1.26
TCP: Interfaces\{F1A44FD6-5E99-49B1-AC2D-DF3A9315922A} : DHCPNameServer = 94.74.192.252 192.168.100.1
TCP: Interfaces\{F1A44FD6-5E99-49B1-AC2D-DF3A9315922A}\2557072756368647F667236363 : DHCPNameServer = 192.168.1.4 192.168.100.1
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\24.0.1312.52\installer\setup.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
Hosts: 10.193.44.10 othknlh1.t-ddm.biz
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\janl\appdata\roaming\mozilla\firefox\profiles\h9gibfmw.default\
FF - prefs.js: network.proxy.ftp - 192.168.1.20
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.http - 192.168.1.20
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - 192.168.1.20
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - 192.168.1.20
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 1
FF - plugin: c:\progra~1\micros~1\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_146.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - plugin: c:\windows\system32\wat\npWatWeb.dll
FF - ExtSQL: 2012-12-23 10:40; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:\program files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
.
============= SERVICES / DRIVERS ===============
.
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2010-7-14 65584]
R2 ameisvc;Web'n'walk Manager mobile equipment installation service;c:\program files\t-mobile\web'n'walk manager\ameisvc.exe [2011-6-24 123120]
R2 Ethpdrv;Ethernet Packet Driver;c:\windows\system32\drivers\ethpdrv.sys [2007-8-1 16376]
R2 NgVpnMgr;Aventail VPN Client;c:\windows\system32\ngvpnmgr.exe [2011-5-18 290472]
R2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;c:\program files\nvidia corporation\performance drivers\nvPDsvc.exe [2009-12-8 5241448]
R2 Symantec AntiVirus;Aplikace Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2009-9-17 2477304]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-11-13 242240]
R3 e1yexpress;Ovladac gigabitových sítových pripojení Intel(R);c:\windows\system32\drivers\e1y6032.sys [2009-7-13 214016]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-8-8 106656]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2012-6-29 73984]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series – ovladac adaptéru pro 32bitový systém Windows Vista;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
R3 NgLog;Aventail VPN Logging;c:\windows\system32\drivers\nglog.sys [2011-5-18 27208]
R3 NgVpn;Aventail VPN Adapter;c:\windows\system32\drivers\ngvpn.sys [2011-5-18 81480]
R3 NgWfp;Aventail VPN Callout;c:\windows\system32\drivers\ngwfp.sys [2011-5-18 25160]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\skype\toolbars\skype c2c service\c2c_service.exe [2012-12-13 3290896]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2012-6-29 102784]
S3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\drivers\ew_usbenumfilter.sys [2012-6-29 11136]
S3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\drivers\ew_jucdcacm.sys [2012-6-29 89856]
S3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\drivers\ew_juextctrl.sys [2012-6-29 26624]
S3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\drivers\ew_juwwanecm.sys [2012-6-29 186880]
S3 IpwP;IPWireless 3G Network Adapter;c:\windows\system32\drivers\ipw3gnet.sys [2008-3-27 51040]
S3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2012-11-12 9216]
S3 NgFilter;Aventail VPN Filter;c:\windows\system32\drivers\ngfilter.sys [2011-5-18 23112]
S3 StorSvc;Služba úložište;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-3-14 52224]
S3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\wat\WatAdminSvc.exe [2010-7-2 1343400]
.
=============== Created Last 30 ================
.
2013-01-23 10:58:40 -------- d-----w- c:\users\janl\appdata\local\temp
2013-01-23 10:57:44 -------- d-sh--w- C:\$RECYCLE.BIN
2013-01-23 10:50:09 98816 ----a-w- c:\windows\sed.exe
2013-01-23 10:50:09 256000 ----a-w- c:\windows\PEV.exe
2013-01-23 10:50:09 208896 ----a-w- c:\windows\MBR.exe
2013-01-22 12:49:13 -------- d-----w- c:\users\janl\appdata\local\MGSuite
2013-01-22 09:14:51 -------- d-----w- c:\program files\trend micro
2013-01-18 18:20:57 -------- d-----w- c:\users\janl\appdata\roaming\IsolatedStorage
2013-01-18 18:20:57 -------- d-----w- c:\users\janl\appdata\local\IsolatedStorage
2013-01-18 18:20:56 -------- d-----w- c:\users\janl\appdata\local\BizAgi_Ltd
2013-01-18 18:20:56 -------- d-----w- c:\users\janl\appdata\local\BizAgi Ltd
2013-01-18 18:20:55 -------- d-----w- c:\users\janl\appdata\roaming\BizAgi Ltd
2013-01-18 18:19:55 -------- d-----w- c:\program files\BizAgi
2013-01-18 18:18:31 -------- d-----w- c:\users\janl\appdata\local\Downloaded Installations
2013-01-18 18:17:48 -------- d-----w- c:\program files\GanttProject
2013-01-18 11:37:18 -------- d-----w- c:\program files\stinger
2013-01-17 11:19:30 -------- d-----w- c:\users\janl\appdata\roaming\Anvisoft
2013-01-17 11:19:07 -------- d-----w- c:\programdata\Anvisoft
2013-01-17 11:01:10 -------- d-----w- c:\program files\PC Tools
2013-01-17 10:56:10 -------- d-----w- c:\programdata\PC Tools
2013-01-17 10:56:08 -------- d-----w- c:\users\janl\appdata\roaming\TestApp
2013-01-14 16:38:29 -------- d-----w- c:\program files\Toucan
2013-01-12 08:37:11 16369160 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2013-01-11 09:34:58 -------- d-----w- c:\program files\Mozilla Firefox.bak
2013-01-10 09:23:58 626688 ----a-w- c:\windows\system32\usp10.dll
2013-01-10 09:23:51 2345984 ----a-w- c:\windows\system32\win32k.sys
2013-01-10 09:23:48 492032 ----a-w- c:\windows\system32\win32spl.dll
2013-01-10 09:22:37 1389568 ----a-w- c:\windows\system32\msxml6.dll
2013-01-10 09:22:00 293376 ----a-w- c:\windows\system32\KernelBase.dll
2013-01-10 09:20:35 45568 ----a-w- c:\windows\system32\oflc-nz.rs
2013-01-06 11:40:54 -------- d-----w- c:\program files\IZArc
2013-01-03 16:40:42 -------- d-----w- c:\users\janl\appdata\local\PDF Writer
2013-01-03 16:39:52 90624 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\HPZPPWN7.DLL
2013-01-03 16:39:33 -------- d-----w- c:\users\janl\appdata\local\Programs
2013-01-03 16:39:03 227840 ----a-w- c:\windows\system32\bzFlRdr.dll
2013-01-03 16:39:03 103424 ----a-w- c:\windows\system32\bzDCT.dll
2013-01-03 16:39:03 -------- d-----w- c:\users\janl\appdata\roaming\PDF Writer
2013-01-03 16:39:03 -------- d-----w- c:\programdata\PDF Writer
2013-01-03 16:39:03 -------- d-----w- c:\program files\common files\Bullzip
2013-01-03 16:39:02 139264 ----a-w- c:\windows\system32\bzpdfc.dll
2013-01-03 16:39:00 200192 ----a-w- c:\windows\system32\bzpdf.dll
2013-01-03 16:38:56 -------- d-----w- c:\program files\Bullzip
2013-01-03 16:32:36 116032 ----a-w- c:\windows\Wiainst.exe
2013-01-03 16:31:36 19968 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\sdf1mpc.dll
2013-01-03 16:31:03 90112 ----a-w- c:\windows\system32\SaSegFlt.dll
2013-01-03 16:31:03 61440 ----a-w- c:\windows\system32\SaErHdlr.dll
2013-01-03 16:31:03 282624 ----a-w- c:\windows\system32\SaMinDrv.dll
2013-01-03 16:31:03 106496 ----a-w- c:\windows\system32\SaImgFlt.dll
2013-01-03 16:31:02 22723 ----a-w- c:\windows\system32\sdf1ml3.dll
2013-01-03 16:31:01 65536 ----a-w- c:\windows\system32\dp2335ci.dll
2013-01-03 16:31:01 151552 ----a-w- c:\windows\system32\dp2335ci.exe
2013-01-03 16:31:00 65536 ----a-w- c:\windows\system32\sdf1mci.dll
2013-01-03 16:31:00 151552 ----a-w- c:\windows\system32\sdf1mci.exe
2013-01-03 16:29:34 65536 ------w- c:\windows\system32\ssdevm.dll
2013-01-03 16:29:34 5120 ------w- c:\windows\system32\drivers\ssport.sys
2013-01-03 16:29:34 49152 ------w- c:\windows\system32\ssusbpn.dll
2013-01-03 16:29:34 -------- d-----w- c:\program files\DELL
2012-12-29 23:07:25 -------- d-----w- C:\install
2012-12-29 22:44:00 -------- d-----w- c:\users\janl\HOME
2012-12-29 21:10:15 -------- d-----w- c:\users\janl\TMP
2012-12-29 19:45:09 -------- d-----w- c:\program files\MWSnap
2012-12-29 19:44:12 -------- d-----w- c:\users\janl\appdata\local\GHISLER
2012-12-29 19:42:22 545 ----a-w- c:\windows\UC.PIF
2012-12-29 19:42:22 545 ----a-w- c:\windows\RAR.PIF
2012-12-29 19:42:22 545 ----a-w- c:\windows\PKZIP.PIF
2012-12-29 19:42:22 545 ----a-w- c:\windows\PKUNZIP.PIF
2012-12-29 19:42:22 545 ----a-w- c:\windows\NOCLOSE.PIF
2012-12-29 19:42:22 545 ----a-w- c:\windows\LHA.PIF
2012-12-29 19:42:22 545 ----a-w- c:\windows\ARJ.PIF
2012-12-29 19:42:22 -------- d-----w- c:\users\janl\appdata\roaming\GHISLER
2012-12-29 19:42:22 -------- d-----w- C:\totalcmd
2012-12-29 19:39:43 -------- d-----r- c:\users\janl\Dropbox
2012-12-29 19:29:07 -------- d-----w- c:\users\janl\appdata\roaming\Dropbox
2012-12-29 14:59:49 -------- d-----w- c:\program files\OpenVPN
2012-12-29 14:46:16 -------- d-----w- c:\users\janl\appdata\roaming\Sparx Systems
2012-12-29 14:45:26 -------- d-----w- c:\program files\Sparx Systems
2012-12-29 14:44:20 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2012-12-29 14:42:48 -------- d-----w- c:\users\janl\appdata\roaming\Pencil
2012-12-29 14:42:48 -------- d-----w- c:\users\janl\appdata\local\Pencil
2012-12-29 14:42:25 -------- d-----w- c:\program files\Evolus
.
==================== Find3M ====================
.
2013-01-12 14:37:17 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-12 14:37:17 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-16 14:13:28 295424 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13:20 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-07 12:26:17 308736 ----a-w- c:\windows\system32\Wpc.dll
2012-12-07 12:20:43 2576384 ----a-w- c:\windows\system32\gameux.dll
2012-11-30 04:53:34 169984 ----a-w- c:\windows\system32\winsrv.dll
2012-11-30 02:55:25 271360 ----a-w- c:\windows\system32\conhost.exe
2012-11-30 02:38:59 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-11-30 02:38:59 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 02:38:59 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 02:38:59 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-11-23 02:48:41 49152 ----a-w- c:\windows\system32\taskhost.exe
2012-11-20 04:51:09 220160 ----a-w- c:\windows\system32\ncrypt.dll
2012-11-14 02:09:22 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-13 11:19:19 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-11-09 04:42:49 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-02 05:11:31 376832 ----a-w- c:\windows\system32\dpnet.dll
.
============= FINISH: 12:31:06,09 ===============

#10 Příspěvek od **vyosek** » 23 led 2013 17:04

Pokud nemate, tak presunte Combofix na plochu

Spustte poznamkovy blok (Start-spustit-notepad)
Zkopirujte skript nize

Kód: Vybrat vše

KillAll::

Folder::
c:\program files\winamp toolbar

DDS::
mURLSearchHooks: BS Player Toolbar: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - c:\program files\bs_player\prxtbBS_2.dll
BHO: Winamp Toolbar Loader: {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - c:\program files\winamp toolbar\winamptb.dll
BHO: BS Player Toolbar: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - c:\program files\bs_player\prxtbBS_2.dll
TB: Winamp Toolbar: {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - c:\program files\winamp toolbar\winamptb.dll
TB: BS Player Toolbar: {FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} - c:\program files\bs_player\prxtbBS_2.dll
TB: BS Player Toolbar: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - c:\program files\bs_player\prxtbBS_2.dll
TB: Winamp Toolbar: {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - c:\program files\winamp toolbar\winamptb.dll
uRun: [swg]
uRun: [Skype]
mRun: [SunJavaUpdateSched]
mRun: [WinampAgent]
mRun: [Adobe ARM]

File::
c:\windows\Tasks\Adobe Flash Player Updater.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

Firefox::
FF - ProfilePath - c:\users\janl\AppData\Roaming\Mozilla\Firefox\Profiles\h9gibfmw.default\
FF - prefs.js: network.proxy.ftp - 192.168.1.20
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.http - 192.168.1.20
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - 192.168.1.20
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - 192.168.1.20
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 1

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

ClearJavaCache::

Reboot::

Ulozte vytvoreny TXT jako CFScript.txt
Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Pokud vyskoci hlaska "Pokus pouzit neplatnou operaci na klic registru, ktery je oznacen pro odstraneni", tak jen restartujte PC - registr se da do kupy - jedna se o vnitrni chybu, kterou zpusobuje CF a autor ji zatim neumi bohuzel opravit

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

hael · #11 Příspěvek od **hael** » 23 led 2013 18:31

Požadovanou operaci jsem provedl, počítač se restartoval bez problémů. Přikládám log:

ComboFix 13-01-23.01 - janl 23.01.2013 18:10:01.2.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1029.18.3572.1648 [GMT 1:00]
Running from: c:\users\janl\Desktop\ComboFix.exe
Command switches used :: c:\users\janl\Desktop\CFScript.txt
AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
FILE ::
"c:\windows\Tasks\Adobe Flash Player Updater.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\winamp toolbar
c:\program files\winamp toolbar\install.log
c:\program files\winamp toolbar\uninstall.exe
c:\program files\winamp toolbar\winamptb.dll
c:\program files\winamp toolbar\winamptbServer.exe
c:\program files\winamp toolbar\winamptbServerPS.dll
c:\program files\winamp toolbar\xprt6.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-12-23 to 2013-01-23 )))))))))))))))))))))))))))))))
.
.
2013-01-23 17:16 . 2013-01-23 17:16 -------- d-----w- c:\users\janl\AppData\Local\temp
2013-01-23 17:16 . 2013-01-23 17:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-22 12:49 . 2013-01-22 12:49 -------- d-----w- c:\users\janl\AppData\Local\MGSuite
2013-01-22 09:14 . 2013-01-22 09:44 -------- d-----w- c:\program files\trend micro
2013-01-22 09:14 . 2013-01-22 09:15 -------- d-----w- C:\rsit
2013-01-18 18:20 . 2013-01-18 18:20 -------- d-----w- c:\users\janl\AppData\Local\IsolatedStorage
2013-01-18 18:20 . 2013-01-18 18:20 -------- d-----w- c:\users\janl\AppData\Roaming\IsolatedStorage
2013-01-18 18:20 . 2013-01-18 18:20 -------- d-----w- c:\users\janl\AppData\Local\BizAgi_Ltd
2013-01-18 18:20 . 2013-01-18 18:20 -------- d-----w- c:\users\janl\AppData\Local\BizAgi Ltd
2013-01-18 18:20 . 2013-01-18 18:20 -------- d-----w- c:\users\janl\AppData\Roaming\BizAgi Ltd
2013-01-18 18:19 . 2013-01-18 18:19 -------- d-----w- c:\program files\BizAgi
2013-01-18 18:18 . 2013-01-18 18:18 -------- d-----w- c:\users\janl\AppData\Local\Downloaded Installations
2013-01-18 18:17 . 2013-01-18 18:17 -------- d-----w- c:\program files\GanttProject
2013-01-18 11:37 . 2013-01-19 17:17 -------- d-----w- c:\program files\stinger
2013-01-17 11:19 . 2013-01-17 13:44 -------- d-----w- c:\users\janl\AppData\Roaming\Anvisoft
2013-01-17 11:19 . 2013-01-17 11:19 -------- d-----w- c:\programdata\Anvisoft
2013-01-17 11:01 . 2013-01-17 11:01 -------- d-----w- c:\program files\PC Tools
2013-01-17 10:56 . 2013-01-17 11:15 -------- d-----w- c:\programdata\PC Tools
2013-01-17 10:56 . 2013-01-17 10:56 -------- d-----w- c:\users\janl\AppData\Roaming\TestApp
2013-01-14 16:38 . 2013-01-14 16:38 -------- d-----w- c:\program files\Toucan
2013-01-12 08:37 . 2013-01-12 14:37 16369160 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2013-01-10 09:23 . 2012-11-22 04:45 626688 ----a-w- c:\windows\system32\usp10.dll
2013-01-10 09:23 . 2012-11-23 02:56 2345984 ----a-w- c:\windows\system32\win32k.sys
2013-01-10 09:23 . 2012-11-09 04:43 492032 ----a-w- c:\windows\system32\win32spl.dll
2013-01-10 09:22 . 2012-11-01 04:47 1389568 ----a-w- c:\windows\system32\msxml6.dll
2013-01-10 09:22 . 2012-11-30 04:47 293376 ----a-w- c:\windows\system32\KernelBase.dll
2013-01-10 09:20 . 2012-12-07 10:46 43520 ----a-w- c:\windows\system32\csrr.rs
2013-01-06 11:40 . 2013-01-06 11:40 -------- d-----w- c:\program files\IZArc
2013-01-06 11:33 . 2013-01-06 11:33 -------- d-----w- c:\program files\Common Files\Adobe
2013-01-04 08:32 . 2013-01-23 10:58 -------- d-----w- c:\users\SYSTEM
2013-01-03 16:40 . 2013-01-03 16:40 -------- d-----w- c:\users\janl\AppData\Local\PDF Writer
2013-01-03 16:39 . 2009-07-14 01:15 90624 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\HPZPPWN7.DLL
2013-01-03 16:39 . 2013-01-03 16:39 -------- d-----w- c:\users\janl\AppData\Local\Programs
2013-01-03 16:39 . 2013-01-03 16:39 -------- d-----w- c:\users\janl\AppData\Roaming\PDF Writer
2013-01-03 16:39 . 2013-01-03 16:39 -------- d-----w- c:\programdata\PDF Writer
2013-01-03 16:39 . 2013-01-03 16:39 -------- d-----w- c:\program files\Common Files\Bullzip
2013-01-03 16:39 . 2008-10-30 13:02 227840 ----a-w- c:\windows\system32\bzFlRdr.dll
2013-01-03 16:39 . 2008-07-09 13:02 103424 ----a-w- c:\windows\system32\bzDCT.dll
2013-01-03 16:39 . 2012-10-09 13:02 139264 ----a-w- c:\windows\system32\bzpdfc.dll
2013-01-03 16:39 . 2012-10-09 13:02 200192 ----a-w- c:\windows\system32\bzpdf.dll
2013-01-03 16:38 . 2013-01-03 16:38 -------- d-----w- c:\program files\Bullzip
2013-01-03 16:32 . 2013-01-03 16:29 116032 ----a-w- c:\windows\Wiainst.exe
2013-01-03 16:31 . 2013-01-03 16:29 19968 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\sdf1mpc.dll
2013-01-03 16:31 . 2013-01-03 16:29 90112 ----a-w- c:\windows\system32\SaSegFlt.dll
2013-01-03 16:31 . 2013-01-03 16:29 61440 ----a-w- c:\windows\system32\SaErHdlr.dll
2013-01-03 16:31 . 2013-01-03 16:29 282624 ----a-w- c:\windows\system32\SaMinDrv.dll
2013-01-03 16:31 . 2013-01-03 16:29 106496 ----a-w- c:\windows\system32\SaImgFlt.dll
2013-01-03 16:31 . 2013-01-03 16:29 22723 ----a-w- c:\windows\system32\sdf1ml3.dll
2013-01-03 16:31 . 2013-01-03 16:29 65536 ----a-w- c:\windows\system32\dp2335ci.dll
2013-01-03 16:31 . 2013-01-03 16:29 151552 ----a-w- c:\windows\system32\dp2335ci.exe
2013-01-03 16:31 . 2013-01-03 16:29 65536 ----a-w- c:\windows\system32\sdf1mci.dll
2013-01-03 16:31 . 2013-01-03 16:29 151552 ----a-w- c:\windows\system32\sdf1mci.exe
2013-01-03 16:29 . 2013-01-03 16:29 -------- d-----w- c:\program files\DELL
2013-01-03 16:29 . 2013-01-03 16:29 65536 ------w- c:\windows\system32\ssdevm.dll
2013-01-03 16:29 . 2013-01-03 16:29 5120 ------w- c:\windows\system32\drivers\ssport.sys
2013-01-03 16:29 . 2013-01-03 16:29 49152 ------w- c:\windows\system32\ssusbpn.dll
2012-12-29 23:07 . 2013-01-03 16:34 -------- d-----w- C:\install
2012-12-29 22:44 . 2012-12-29 23:43 -------- d-----w- c:\users\janl\HOME
2012-12-29 21:10 . 2013-01-23 17:19 -------- d-----w- c:\users\janl\TMP
2012-12-29 19:45 . 2012-12-29 19:45 -------- d-----w- c:\program files\MWSnap
2012-12-29 19:44 . 2012-12-29 19:44 -------- d-----w- c:\users\janl\AppData\Local\GHISLER
2012-12-29 19:42 . 2012-12-29 19:44 -------- d-----w- C:\totalcmd
2012-12-29 19:42 . 2012-12-29 19:42 -------- d-----w- c:\users\janl\AppData\Roaming\GHISLER
2012-12-29 19:42 . 2007-09-14 06:02 545 ----a-w- c:\windows\UC.PIF
2012-12-29 19:42 . 2007-09-14 06:02 545 ----a-w- c:\windows\RAR.PIF
2012-12-29 19:42 . 2007-09-14 06:02 545 ----a-w- c:\windows\PKZIP.PIF
2012-12-29 19:42 . 2007-09-14 06:02 545 ----a-w- c:\windows\PKUNZIP.PIF
2012-12-29 19:42 . 2007-09-14 06:02 545 ----a-w- c:\windows\NOCLOSE.PIF
2012-12-29 19:42 . 2007-09-14 06:02 545 ----a-w- c:\windows\LHA.PIF
2012-12-29 19:42 . 2007-09-14 06:02 545 ----a-w- c:\windows\ARJ.PIF
2012-12-29 19:39 . 2013-01-23 17:19 -------- d-----r- c:\users\janl\Dropbox
2012-12-29 19:29 . 2013-01-23 17:19 -------- d-----w- c:\users\janl\AppData\Roaming\Dropbox
2012-12-29 19:24 . 2013-01-23 16:54 -------- d-----w- c:\users\janl\AppData\Roaming\Skype
2012-12-29 14:59 . 2012-12-29 15:00 -------- d-----w- c:\program files\OpenVPN
2012-12-29 14:46 . 2012-12-29 19:07 -------- d-----w- c:\users\janl\AppData\Roaming\Sparx Systems
2012-12-29 14:45 . 2012-12-29 14:45 -------- d-----w- c:\program files\Sparx Systems
2012-12-29 14:44 . 2012-12-29 14:44 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2012-12-29 14:42 . 2012-12-29 14:42 -------- d-----w- c:\users\janl\AppData\Roaming\Pencil
2012-12-29 14:42 . 2012-12-29 14:42 -------- d-----w- c:\users\janl\AppData\Local\Pencil
2012-12-29 14:42 . 2012-12-29 14:42 -------- d-----w- c:\program files\Evolus
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-12 14:37 . 2012-04-14 11:40 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-12 14:37 . 2011-05-23 16:52 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-16 14:13 . 2012-12-23 09:14 295424 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-23 09:14 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-11-14 02:09 . 2012-12-13 07:42 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 01:58 . 2012-12-13 07:42 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 01:57 . 2012-12-13 07:42 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 01:49 . 2012-12-13 07:42 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 01:48 . 2012-12-13 07:42 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 01:44 . 2012-12-13 07:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-13 11:19 . 2012-11-13 11:19 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-11-09 04:42 . 2012-12-12 14:13 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-02 05:11 . 2012-12-12 14:16 376832 ----a-w- c:\windows\system32\dpnet.dll
2010-10-12 14:33 . 2013-01-20 08:58 124344 ----a-w- c:\program files\mozilla firefox\plugins\CCMSDK.dll
2010-10-12 16:15 . 2013-01-20 08:58 13240 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2010-10-12 14:37 . 2013-01-20 08:58 70592 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2010-10-12 14:35 . 2013-01-20 08:58 91576 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2010-10-12 14:34 . 2013-01-20 08:58 22464 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2010-10-12 14:32 . 2013-01-20 08:58 255416 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2010-10-12 14:35 . 2013-01-20 08:58 31672 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2010-10-12 14:34 . 2013-01-20 08:58 40384 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2010-07-14 10:42 . 2013-01-20 08:58 898480 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2010-10-12 14:37 . 2013-01-20 08:58 24000 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
2013-01-20 08:59 . 2013-01-20 08:58 262552 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\janl\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\janl\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\janl\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\janl\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-07-08 115560]
"nwiz"="nwiz.exe" [2010-05-05 1657448]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-05-12 13838952]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2010-05-12 92776]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2010-10-12 304568]
.
c:\users\janl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\janl\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-12-29 28539392]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
VPN Client.lnk - c:\windows\Installer\{14FCFE7C-AB86-428A-9D2E-BFB6F5A7AA6E}\Icon3E5562ED7.ico [2010-8-10 6144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys [x]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys [x]
R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys [x]
R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys [x]
R3 IpwP;IPWireless 3G Network Adapter;c:\windows\system32\DRIVERS\ipw3gnet.sys [x]
R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
R3 NgFilter;Aventail VPN Filter;c:\windows\system32\DRIVERS\ngfilter.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [x]
S2 ameisvc;Web'n'walk Manager mobile equipment installation service;c:\program files\T-Mobile\Web'n'walk Manager\ameisvc.exe [x]
S2 Ethpdrv;Ethernet Packet Driver;c:\windows\system32\DRIVERS\ethpdrv.sys [x]
S2 NgVpnMgr;Aventail VPN Client;c:\windows\system32\ngvpnmgr.exe [x]
S2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;c:\program files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [x]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S3 e1yexpress;Ovladac gigabitových sítových pripojení Intel(R);c:\windows\system32\DRIVERS\e1y6032.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series – ovladac adaptéru pro 32bitový systém Windows Vista;c:\windows\system32\DRIVERS\netw5v32.sys [x]
S3 NgLog;Aventail VPN Logging;c:\windows\system32\DRIVERS\nglog.sys [x]
S3 NgVpn;Aventail VPN Adapter;c:\windows\system32\DRIVERS\ngvpn.sys [x]
S3 NgWfp;Aventail VPN Callout;c:\windows\system32\DRIVERS\ngwfp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-15 14:02 1606760 ----a-w- c:\program files\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 14:37]
.
2013-01-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-02 14:56]
.
2013-01-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-02 14:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.26
DPF: {B4CB8358-ABDB-47EE-BC2D-437B5DEBABCB} - hxxp://lickovi.no-ip.org/AxViewer/AxMediaControl.cab
FF - ProfilePath - c:\users\janl\AppData\Roaming\Mozilla\Firefox\Profiles\h9gibfmw.default\
FF - ExtSQL: 2012-12-23 10:40; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Winamp Toolbar - c:\program files\Winamp Toolbar\uninstall.exe
AddRemove-Šetric Cimrman 1 - c:\program files\Šetric Cimrman 1\Šetric Cimrman 1.scr
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3472)
c:\users\janl\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
c:\windows\system32\taskhost.exe
c:\program files\Symantec\Symantec Endpoint Protection\SmcGui.exe
c:\windows\system32\conhost.exe
c:\windows\System32\WUDFHost.exe
c:\windows\System32\rundll32.exe
c:\program files\Citrix\ICA Client\wfcrun32.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Completion time: 2013-01-23 18:24:01 - machine was rebooted
ComboFix-quarantined-files.txt 2013-01-23 17:24
ComboFix2.txt 2013-01-23 10:58
.
Pre-Run: Volných bajtu: 109 311 307 776
Post-Run: Volných bajtu: 109 313 843 200
.
- - End Of File - - AC471EED916CAD185098C7C898378B6E

#12 Příspěvek od **vyosek** » 23 led 2013 20:45

Fajn, jak se chova PC

hael · #13 Příspěvek od **hael** » 24 led 2013 11:10

Dobrý den,

tak včera večer jsem si liboval, že je to vyřešeno. Nicméně před chvilinkou mi scanner od Symanteku znovu nahlásil výskyt tmp-souborů s Trojan.Gen.2. Všechny infikované tmp-soubory začínají na DWHxxxx.tmp

#14 Příspěvek od **vyosek** » 24 led 2013 11:59

Stahnete si TDSSKiller http://support.kaspersky.com/downloads/ ... killer.exe

Kliknete na volbu Change parametrs
V okne Additional Option zakliknete vsechny moznosti
Kliknete na OK
Utilite prikazte, at skenuje - klik na Start Scan
Po dokonceni skenu se objevi okno, zkontrolujte, zda-li je vsude moznost Skip
Pokud moznost Skip nebude primarne nastavena, prekliknete ji na Skip
Pokud mate vsude Skip, kliknete na Continue
Na disku, kde mate Windows (obvykle c:\) ve tvaru TDSSKiller.nejaka cisilka _log.txt bude log - jeho obsah sem vlozte

Stahnete Malwarebytes Anti-Rootkit http://www.bleepingcomputer.com/downloa ... i-rootkit/

Ulozte nejlepe na Plochu a rozbalte
Spustte kliknutim na mbanr
Nyni postupne kliknete na Next a Update
Po dokonceni update (aktualizace) databaze kliknete opet na Next
Nechte zaskrtnute vsechny tri moznosti a klinete na Scan cimz spustite prohledavani PC
Po dokonceni skenu (cca 5 minutek) zkontrolujte, zda-li je u vsech nalezu (samozrejme pokud budou) zatrzitko
Tez zkontrolujte, jetsli je zatrzitko u Create Restore point
Nyni kliknete na CleanUp cimz nalezenou infekci odstranime
PC bude restartovan
Slozka mbar by mela obsahovat log (a zrejme se i sam otevre) mbar-log-rok-mesic-den (hodina-minuta-sekunda).txt, ten mi sem dejte

hael · #15 Příspěvek od **hael** » 24 led 2013 12:13

Dobrý den,

posílám log z TDSSKilleru:

12:09:29.0482 2876 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
12:09:30.0527 2876 ============================================================
12:09:30.0527 2876 Current date / time: 2013/01/24 12:09:30.0527
12:09:30.0527 2876 SystemInfo:
12:09:30.0527 2876
12:09:30.0527 2876 OS Version: 6.1.7601 ServicePack: 1.0
12:09:30.0527 2876 Product type: Workstation
12:09:30.0527 2876 ComputerName: NBJLI
12:09:30.0527 2876 UserName: janl
12:09:30.0527 2876 Windows directory: C:\Windows
12:09:30.0527 2876 System windows directory: C:\Windows
12:09:30.0527 2876 Processor architecture: Intel x86
12:09:30.0527 2876 Number of processors: 2
12:09:30.0527 2876 Page size: 0x1000
12:09:30.0527 2876 Boot type: Normal boot
12:09:30.0527 2876 ============================================================
12:09:31.0853 2876 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
12:09:31.0853 2876 ============================================================
12:09:31.0853 2876 \Device\Harddisk0\DR0:
12:09:31.0853 2876 MBR partitions:
12:09:31.0853 2876 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x42AD1, BlocksNum 0x129D5FF0
12:09:31.0853 2876 ============================================================
12:09:31.0868 2876 C: <-> \Device\Harddisk0\DR0\Partition1
12:09:31.0868 2876 ============================================================
12:09:31.0868 2876 Initialize success
12:09:31.0868 2876 ============================================================
12:10:24.0799 2008 ============================================================
12:10:24.0799 2008 Scan started
12:10:24.0799 2008 Mode: Manual; SigCheck; TDLFS;
12:10:24.0799 2008 ============================================================
12:10:25.0236 2008 ================ Scan system memory ========================
12:10:25.0236 2008 System memory - ok
12:10:25.0236 2008 ================ Scan services =============================
12:10:25.0423 2008 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
12:10:25.0533 2008 1394ohci - ok
12:10:25.0564 2008 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys
12:10:25.0595 2008 ACPI - ok
12:10:25.0626 2008 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
12:10:25.0704 2008 AcpiPmi - ok
12:10:25.0813 2008 [ B1EA9681502EE57F87DB71D726288A5B ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
12:10:25.0876 2008 AdobeARMservice - ok
12:10:25.0954 2008 [ 424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
12:10:26.0016 2008 AdobeFlashPlayerUpdateSvc - ok
12:10:26.0063 2008 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
12:10:26.0125 2008 adp94xx - ok
12:10:26.0157 2008 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
12:10:26.0203 2008 adpahci - ok
12:10:26.0219 2008 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
12:10:26.0250 2008 adpu320 - ok
12:10:26.0281 2008 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
12:10:26.0344 2008 AeLookupSvc - ok
12:10:26.0375 2008 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\Windows\system32\drivers\afd.sys
12:10:26.0422 2008 AFD - ok
12:10:26.0453 2008 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys
12:10:26.0469 2008 agp440 - ok
12:10:26.0500 2008 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys
12:10:26.0531 2008 aic78xx - ok
12:10:26.0562 2008 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe
12:10:26.0640 2008 ALG - ok
12:10:26.0687 2008 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys
12:10:26.0718 2008 aliide - ok
12:10:26.0734 2008 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys
12:10:26.0765 2008 amdagp - ok
12:10:26.0781 2008 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys
12:10:26.0796 2008 amdide - ok
12:10:26.0827 2008 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
12:10:26.0859 2008 AmdK8 - ok
12:10:26.0874 2008 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
12:10:26.0921 2008 AmdPPM - ok
12:10:26.0952 2008 [ D320BF87125326F996D4904FE24300FC ] amdsata C:\Windows\system32\drivers\amdsata.sys
12:10:26.0968 2008 amdsata - ok
12:10:26.0999 2008 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
12:10:27.0030 2008 amdsbs - ok
12:10:27.0046 2008 [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata C:\Windows\system32\drivers\amdxata.sys
12:10:27.0077 2008 amdxata - ok
12:10:27.0139 2008 [ 9B9A81B298410C4388D8E41DE5F5386B ] ameisvc C:\Program Files\T-Mobile\Web'n'walk Manager\ameisvc.exe
12:10:27.0202 2008 ameisvc - ok
12:10:27.0233 2008 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\Windows\system32\drivers\appid.sys
12:10:27.0358 2008 AppID - ok
12:10:27.0389 2008 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll
12:10:27.0420 2008 AppIDSvc - ok
12:10:27.0467 2008 [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo C:\Windows\System32\appinfo.dll
12:10:27.0514 2008 Appinfo - ok
12:10:27.0529 2008 [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt C:\Windows\System32\appmgmts.dll
12:10:27.0592 2008 AppMgmt - ok
12:10:27.0623 2008 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys
12:10:27.0654 2008 arc - ok
12:10:27.0670 2008 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
12:10:27.0701 2008 arcsas - ok
12:10:27.0795 2008 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
12:10:27.0904 2008 aspnet_state - ok
12:10:27.0935 2008 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
12:10:28.0013 2008 AsyncMac - ok
12:10:28.0044 2008 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys
12:10:28.0075 2008 atapi - ok
12:10:28.0107 2008 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
12:10:28.0169 2008 AudioEndpointBuilder - ok
12:10:28.0185 2008 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\Windows\System32\Audiosrv.dll
12:10:28.0216 2008 Audiosrv - ok
12:10:28.0278 2008 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll
12:10:28.0341 2008 AxInstSV - ok
12:10:28.0387 2008 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys
12:10:28.0434 2008 b06bdrv - ok
12:10:28.0450 2008 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
12:10:28.0481 2008 b57nd60x - ok
12:10:28.0528 2008 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll
12:10:28.0559 2008 BDESVC - ok
12:10:28.0590 2008 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys
12:10:28.0637 2008 Beep - ok
12:10:28.0668 2008 [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE C:\Windows\System32\bfe.dll
12:10:28.0731 2008 BFE - ok
12:10:28.0777 2008 [ E585445D5021971FAE10393F0F1C3961 ] BITS C:\Windows\system32\qmgr.dll
12:10:28.0840 2008 BITS - ok
12:10:28.0871 2008 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
12:10:28.0887 2008 blbdrive - ok
12:10:28.0918 2008 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
12:10:28.0949 2008 bowser - ok
12:10:28.0980 2008 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
12:10:29.0027 2008 BrFiltLo - ok
12:10:29.0043 2008 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
12:10:29.0074 2008 BrFiltUp - ok
12:10:29.0121 2008 [ 77361D72A04F18809D0EFB6CCEB74D4B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
12:10:29.0199 2008 BridgeMP - ok
12:10:29.0245 2008 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\Windows\System32\browser.dll
12:10:29.0308 2008 Browser - ok
12:10:29.0339 2008 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys
12:10:29.0370 2008 Brserid - ok
12:10:29.0401 2008 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
12:10:29.0433 2008 BrSerWdm - ok
12:10:29.0464 2008 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
12:10:29.0495 2008 BrUsbMdm - ok
12:10:29.0495 2008 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
12:10:29.0526 2008 BrUsbSer - ok
12:10:29.0542 2008 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
12:10:29.0589 2008 BTHMODEM - ok
12:10:29.0635 2008 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll
12:10:29.0682 2008 bthserv - ok
12:10:29.0760 2008 catchme - ok
12:10:29.0823 2008 [ 27D036FB3D22CA8A6662FE960D1A937D ] ccEvtMgr C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
12:10:29.0869 2008 ccEvtMgr - ok
12:10:29.0885 2008 [ 27D036FB3D22CA8A6662FE960D1A937D ] ccSetMgr C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
12:10:29.0901 2008 ccSetMgr - ok
12:10:29.0932 2008 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
12:10:29.0979 2008 cdfs - ok
12:10:30.0025 2008 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
12:10:30.0072 2008 cdrom - ok
12:10:30.0103 2008 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\Windows\System32\certprop.dll
12:10:30.0135 2008 CertPropSvc - ok
12:10:30.0150 2008 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
12:10:30.0181 2008 circlass - ok
12:10:30.0213 2008 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys
12:10:30.0244 2008 CLFS - ok
12:10:30.0322 2008 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:10:30.0415 2008 clr_optimization_v2.0.50727_32 - ok
12:10:30.0462 2008 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:10:30.0493 2008 clr_optimization_v4.0.30319_32 - ok
12:10:30.0525 2008 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
12:10:30.0556 2008 CmBatt - ok
12:10:30.0587 2008 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\drivers\cmdide.sys
12:10:30.0618 2008 cmdide - ok
12:10:30.0665 2008 [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG C:\Windows\system32\Drivers\cng.sys
12:10:30.0743 2008 CNG - ok
12:10:30.0774 2008 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
12:10:30.0805 2008 Compbatt - ok
12:10:30.0837 2008 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
12:10:30.0868 2008 CompositeBus - ok
12:10:30.0883 2008 COMSysApp - ok
12:10:30.0915 2008 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
12:10:30.0930 2008 crcdisk - ok
12:10:30.0977 2008 [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc C:\Windows\system32\cryptsvc.dll
12:10:30.0993 2008 CryptSvc - ok
12:10:31.0024 2008 [ 3C2177A897B4CA2788C6FB0C3FD81D4B ] CSC C:\Windows\system32\drivers\csc.sys
12:10:31.0055 2008 CSC - ok
12:10:31.0086 2008 [ 15F93B37F6801943360D9EB42485D5D3 ] CscService C:\Windows\System32\cscsvc.dll
12:10:31.0117 2008 CscService - ok
12:10:31.0195 2008 [ CB6FF7012BB5D59D7C12350DB795CE1F ] ctxusbm C:\Windows\system32\DRIVERS\ctxusbm.sys
12:10:31.0211 2008 ctxusbm - ok
12:10:31.0242 2008 [ B5ECADF7708960F1818C7FA015F4C239 ] CVirtA C:\Windows\system32\DRIVERS\CVirtA.sys
12:10:31.0273 2008 CVirtA - ok
12:10:31.0414 2008 [ DAD192D12DD0B4C92F6843203852829F ] CVPND C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
12:10:31.0445 2008 CVPND - ok
12:10:31.0570 2008 [ 26DEEF07394624247D1F549BD94F0B15 ] CVPNDRVA C:\Windows\system32\Drivers\CVPNDRVA.sys
12:10:31.0632 2008 CVPNDRVA ( UnsignedFile.Multi.Generic ) - warning
12:10:31.0632 2008 CVPNDRVA - detected UnsignedFile.Multi.Generic (1)
12:10:31.0679 2008 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\Windows\system32\rpcss.dll
12:10:31.0741 2008 DcomLaunch - ok
12:10:31.0773 2008 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll
12:10:31.0835 2008 defragsvc - ok
12:10:31.0866 2008 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
12:10:31.0913 2008 DfsC - ok
12:10:31.0960 2008 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\Windows\system32\dhcpcore.dll
12:10:31.0991 2008 Dhcp - ok
12:10:32.0022 2008 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys
12:10:32.0069 2008 discache - ok
12:10:32.0100 2008 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\DRIVERS\disk.sys
12:10:32.0147 2008 Disk - ok
12:10:32.0163 2008 [ 7B4FDFBE97C047175E613AA96F3DE987 ] DNE C:\Windows\system32\DRIVERS\dne2000.sys
12:10:32.0178 2008 DNE - ok
12:10:32.0225 2008 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
12:10:32.0256 2008 Dnscache - ok
12:10:32.0287 2008 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\Windows\System32\dot3svc.dll
12:10:32.0397 2008 dot3svc - ok
12:10:32.0428 2008 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll
12:10:32.0475 2008 DPS - ok
12:10:32.0521 2008 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
12:10:32.0584 2008 drmkaud - ok
12:10:32.0615 2008 [ 687AF6BB383885FF6A64071B189A7F3E ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys
12:10:32.0646 2008 dtsoftbus01 - ok
12:10:32.0677 2008 [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
12:10:32.0724 2008 DXGKrnl - ok
12:10:32.0771 2008 [ 8EEF52AD831471E323EE7364A8656D35 ] e1yexpress C:\Windows\system32\DRIVERS\e1y6032.sys
12:10:32.0802 2008 e1yexpress - ok
12:10:32.0849 2008 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll
12:10:32.0927 2008 EapHost - ok
12:10:33.0052 2008 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys
12:10:33.0192 2008 ebdrv - ok
12:10:33.0255 2008 [ 85B8B4032A895A746D46A288A9B30DED ] eeCtrl C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
12:10:33.0301 2008 eeCtrl - ok
12:10:33.0333 2008 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\Windows\System32\lsass.exe
12:10:33.0364 2008 EFS - ok
12:10:33.0426 2008 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
12:10:33.0598 2008 ehRecvr - ok
12:10:33.0629 2008 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe
12:10:33.0707 2008 ehSched - ok
12:10:33.0738 2008 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
12:10:33.0785 2008 elxstor - ok
12:10:33.0863 2008 [ B5A8A04A6E5B4E86B95B1553AA918F5F ] EraserUtilRebootDrv C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
12:10:33.0925 2008 EraserUtilRebootDrv - ok
12:10:33.0941 2008 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys
12:10:33.0988 2008 ErrDev - ok
12:10:34.0035 2008 [ 66742188777CCA93B0402792DC1F1058 ] Ethpdrv C:\Windows\system32\DRIVERS\ethpdrv.sys
12:10:34.0066 2008 Ethpdrv - ok
12:10:34.0097 2008 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll
12:10:34.0144 2008 EventSystem - ok
12:10:34.0191 2008 [ 57C171EA22F0A7F068FCB0CAEDD1E8E7 ] ew_hwusbdev C:\Windows\system32\DRIVERS\ew_hwusbdev.sys
12:10:34.0237 2008 ew_hwusbdev - ok
12:10:34.0269 2008 [ 61A973F60E94A551BA7B15F3460444FB ] ew_usbenumfilter C:\Windows\system32\DRIVERS\ew_usbenumfilter.sys
12:10:34.0284 2008 ew_usbenumfilter - ok
12:10:34.0315 2008 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys
12:10:34.0362 2008 exfat - ok
12:10:34.0393 2008 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
12:10:34.0425 2008 fastfat - ok
12:10:34.0487 2008 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe
12:10:34.0549 2008 Fax - ok
12:10:34.0565 2008 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
12:10:34.0596 2008 fdc - ok
12:10:34.0643 2008 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll
12:10:34.0674 2008 fdPHost - ok
12:10:34.0690 2008 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll
12:10:34.0737 2008 FDResPub - ok
12:10:34.0752 2008 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
12:10:34.0783 2008 FileInfo - ok
12:10:34.0815 2008 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
12:10:34.0861 2008 Filetrace - ok
12:10:34.0893 2008 [ F76D04F7413B07DAA029F6520B64B4E8 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
12:10:34.0955 2008 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
12:10:34.0955 2008 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
12:10:34.0986 2008 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
12:10:35.0017 2008 flpydisk - ok
12:10:35.0049 2008 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
12:10:35.0080 2008 FltMgr - ok
12:10:35.0142 2008 [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache C:\Windows\system32\FntCache.dll
12:10:35.0220 2008 FontCache - ok
12:10:35.0298 2008 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
12:10:35.0345 2008 FontCache3.0.0.0 - ok
12:10:35.0361 2008 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
12:10:35.0392 2008 FsDepends - ok
12:10:35.0407 2008 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
12:10:35.0423 2008 Fs_Rec - ok
12:10:35.0470 2008 [ 8A73E79089B282100B9393B644CB853B ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
12:10:35.0517 2008 fvevol - ok
12:10:35.0563 2008 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
12:10:35.0579 2008 gagp30kx - ok
12:10:35.0610 2008 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll
12:10:35.0688 2008 gpsvc - ok
12:10:35.0766 2008 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
12:10:35.0813 2008 gupdate - ok
12:10:35.0844 2008 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
12:10:35.0860 2008 gupdatem - ok
12:10:35.0938 2008 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
12:10:36.0016 2008 gusvc - ok
12:10:36.0031 2008 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
12:10:36.0063 2008 hcw85cir - ok
12:10:36.0109 2008 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
12:10:36.0172 2008 HdAudAddService - ok
12:10:36.0187 2008 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
12:10:36.0234 2008 HDAudBus - ok
12:10:36.0234 2008 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
12:10:36.0265 2008 HidBatt - ok
12:10:36.0297 2008 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
12:10:36.0343 2008 HidBth - ok
12:10:36.0359 2008 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
12:10:36.0390 2008 HidIr - ok
12:10:36.0437 2008 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\System32\hidserv.dll
12:10:36.0499 2008 hidserv - ok
12:10:36.0546 2008 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
12:10:36.0562 2008 HidUsb - ok
12:10:36.0609 2008 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll
12:10:36.0671 2008 hkmsvc - ok
12:10:36.0702 2008 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
12:10:36.0749 2008 HomeGroupListener - ok
12:10:36.0780 2008 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
12:10:36.0811 2008 HomeGroupProvider - ok
12:10:36.0843 2008 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
12:10:36.0874 2008 HpSAMD - ok
12:10:36.0921 2008 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys
12:10:36.0999 2008 HTTP - ok
12:10:37.0045 2008 [ 88B2115311628579BDE805DDDDD913B7 ] huawei_cdcacm C:\Windows\system32\DRIVERS\ew_jucdcacm.sys
12:10:37.0077 2008 huawei_cdcacm - ok
12:10:37.0108 2008 [ 2AEB89AEAC08ECD23FC0DA3EB4330A29 ] huawei_enumerator C:\Windows\system32\DRIVERS\ew_jubusenum.sys
12:10:37.0139 2008 huawei_enumerator - ok
12:10:37.0155 2008 [ FF66400ACC543F4EEFE83CDE5B1B4164 ] huawei_ext_ctrl C:\Windows\system32\DRIVERS\ew_juextctrl.sys
12:10:37.0186 2008 huawei_ext_ctrl - ok
12:10:37.0217 2008 [ CB4A1F464EF6FE83ABDFE49E7416E6D7 ] huawei_wwanecm C:\Windows\system32\DRIVERS\ew_juwwanecm.sys
12:10:37.0264 2008 huawei_wwanecm - ok
12:10:37.0279 2008 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
12:10:37.0295 2008 hwpolicy - ok
12:10:37.0342 2008 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
12:10:37.0357 2008 i8042prt - ok
12:10:37.0389 2008 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
12:10:37.0420 2008 iaStorV - ok
12:10:37.0482 2008 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
12:10:37.0560 2008 idsvc - ok
12:10:37.0607 2008 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
12:10:37.0638 2008 iirsp - ok
12:10:37.0669 2008 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll
12:10:37.0747 2008 IKEEXT - ok
12:10:37.0779 2008 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys
12:10:37.0794 2008 intelide - ok
12:10:37.0825 2008 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
12:10:37.0841 2008 intelppm - ok
12:10:37.0888 2008 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
12:10:37.0966 2008 IPBusEnum - ok
12:10:37.0981 2008 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:10:38.0013 2008 IpFilterDriver - ok
12:10:38.0075 2008 [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
12:10:38.0122 2008 iphlpsvc - ok
12:10:38.0137 2008 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
12:10:38.0169 2008 IPMIDRV - ok
12:10:38.0184 2008 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
12:10:38.0231 2008 IPNAT - ok
12:10:38.0262 2008 [ D3F6DF74534CFDCCF49803E739ACAEA0 ] IpwP C:\Windows\system32\DRIVERS\ipw3gnet.sys
12:10:38.0309 2008 IpwP - ok
12:10:38.0371 2008 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
12:10:38.0418 2008 IRENUM - ok
12:10:38.0481 2008 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys
12:10:38.0512 2008 isapnp - ok
12:10:38.0543 2008 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
12:10:38.0574 2008 iScsiPrt - ok
12:10:38.0605 2008 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
12:10:38.0621 2008 kbdclass - ok
12:10:38.0652 2008 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
12:10:38.0683 2008 kbdhid - ok
12:10:38.0683 2008 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe
12:10:38.0715 2008 KeyIso - ok
12:10:38.0746 2008 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
12:10:38.0761 2008 KSecDD - ok
12:10:38.0793 2008 [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
12:10:38.0824 2008 KSecPkg - ok
12:10:38.0855 2008 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
12:10:38.0902 2008 KtmRm - ok
12:10:38.0949 2008 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\System32\srvsvc.dll
12:10:38.0995 2008 LanmanServer - ok
12:10:39.0027 2008 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
12:10:39.0058 2008 LanmanWorkstation - ok
12:10:39.0214 2008 [ E34152D03CAAAAA81DD66D803F392522 ] LiveUpdate C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
12:10:39.0292 2008 LiveUpdate - ok
12:10:39.0323 2008 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
12:10:39.0370 2008 lltdio - ok
12:10:39.0401 2008 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
12:10:39.0448 2008 lltdsvc - ok
12:10:39.0463 2008 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
12:10:39.0510 2008 lmhosts - ok
12:10:39.0526 2008 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
12:10:39.0557 2008 LSI_FC - ok
12:10:39.0573 2008 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
12:10:39.0604 2008 LSI_SAS - ok
12:10:39.0651 2008 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
12:10:39.0697 2008 LSI_SAS2 - ok
12:10:39.0697 2008 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
12:10:39.0729 2008 LSI_SCSI - ok
12:10:39.0744 2008 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
12:10:39.0791 2008 luafv - ok
12:10:39.0853 2008 [ 0B058116D3D4ECCA7DED38F16E0581B2 ] massfilter C:\Windows\system32\drivers\massfilter.sys
12:10:39.0916 2008 massfilter - ok
12:10:39.0947 2008 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
12:10:39.0978 2008 Mcx2Svc - ok
12:10:40.0009 2008 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
12:10:40.0056 2008 megasas - ok
12:10:40.0087 2008 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
12:10:40.0134 2008 MegaSR - ok
12:10:40.0181 2008 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
12:10:40.0212 2008 MMCSS - ok
12:10:40.0228 2008 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
12:10:40.0259 2008 Modem - ok
12:10:40.0275 2008 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
12:10:40.0306 2008 monitor - ok
12:10:40.0353 2008 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
12:10:40.0368 2008 mouclass - ok
12:10:40.0415 2008 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
12:10:40.0477 2008 mouhid - ok
12:10:40.0509 2008 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
12:10:40.0524 2008 mountmgr - ok
12:10:40.0587 2008 [ 9C3758018DED02F4AE53CCA1C5F084A2 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
12:10:40.0665 2008 MozillaMaintenance - ok
12:10:40.0696 2008 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys
12:10:40.0711 2008 mpio - ok
12:10:40.0758 2008 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
12:10:40.0789 2008 mpsdrv - ok
12:10:40.0836 2008 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll
12:10:40.0914 2008 MpsSvc - ok
12:10:40.0945 2008 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
12:10:40.0992 2008 MRxDAV - ok
12:10:41.0023 2008 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
12:10:41.0055 2008 mrxsmb - ok
12:10:41.0070 2008 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:10:41.0101 2008 mrxsmb10 - ok
12:10:41.0117 2008 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:10:41.0148 2008 mrxsmb20 - ok
12:10:41.0164 2008 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys
12:10:41.0211 2008 msahci - ok
12:10:41.0242 2008 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
12:10:41.0273 2008 msdsm - ok
12:10:41.0289 2008 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
12:10:41.0367 2008 MSDTC - ok
12:10:41.0413 2008 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
12:10:41.0445 2008 Msfs - ok
12:10:41.0445 2008 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
12:10:41.0491 2008 mshidkmdf - ok
12:10:41.0523 2008 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
12:10:41.0538 2008 msisadrv - ok
12:10:41.0585 2008 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
12:10:41.0647 2008 MSiSCSI - ok
12:10:41.0647 2008 msiserver - ok
12:10:41.0757 2008 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
12:10:41.0819 2008 MSKSSRV - ok
12:10:41.0850 2008 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
12:10:41.0881 2008 MSPCLOCK - ok
12:10:41.0897 2008 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
12:10:41.0944 2008 MSPQM - ok
12:10:41.0959 2008 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
12:10:41.0975 2008 MsRPC - ok
12:10:42.0006 2008 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
12:10:42.0022 2008 mssmbios - ok
12:10:42.0053 2008 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
12:10:42.0084 2008 MSTEE - ok
12:10:42.0115 2008 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
12:10:42.0147 2008 MTConfig - ok
12:10:42.0162 2008 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
12:10:42.0193 2008 Mup - ok
12:10:42.0225 2008 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
12:10:42.0271 2008 napagent - ok
12:10:42.0318 2008 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
12:10:42.0349 2008 NativeWifiP - ok
12:10:42.0490 2008 [ 7D7A3BC6640C1A0D1442816B30856928 ] NAVENG C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20130123.023\NAVENG.SYS
12:10:42.0537 2008 NAVENG - ok
12:10:42.0630 2008 [ 28494C43D62AA7584BDCA2FADFBC4D11 ] NAVEX15 C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20130123.023\NAVEX15.SYS
12:10:42.0693 2008 NAVEX15 - ok
12:10:42.0724 2008 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\Windows\system32\drivers\ndis.sys
12:10:42.0771 2008 NDIS - ok
12:10:42.0802 2008 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
12:10:42.0833 2008 NdisCap - ok
12:10:42.0880 2008 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
12:10:42.0942 2008 NdisTapi - ok
12:10:42.0973 2008 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
12:10:43.0020 2008 Ndisuio - ok
12:10:43.0051 2008 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
12:10:43.0083 2008 NdisWan - ok
12:10:43.0114 2008 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
12:10:43.0161 2008 NDProxy - ok
12:10:43.0192 2008 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
12:10:43.0239 2008 NetBIOS - ok
12:10:43.0254 2008 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
12:10:43.0301 2008 NetBT - ok
12:10:43.0317 2008 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
12:10:43.0348 2008 Netlogon - ok
12:10:43.0379 2008 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
12:10:43.0410 2008 Netman - ok
12:10:43.0504 2008 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
12:10:43.0551 2008 NetMsmqActivator - ok
12:10:43.0566 2008 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
12:10:43.0582 2008 NetPipeActivator - ok
12:10:43.0613 2008 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
12:10:43.0660 2008 netprofm - ok
12:10:43.0691 2008 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
12:10:43.0707 2008 NetTcpActivator - ok
12:10:43.0707 2008 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
12:10:43.0738 2008 NetTcpPortSharing - ok
12:10:43.0863 2008 [ 58218EC6B61B1169CF54AAB0D00F5FE2 ] netw5v32 C:\Windows\system32\DRIVERS\netw5v32.sys
12:10:44.0050 2008 netw5v32 - ok
12:10:44.0081 2008 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
12:10:44.0159 2008 nfrd960 - ok
12:10:44.0206 2008 [ 19CADEA89C6577315B76F016F6DA802D ] NgFilter C:\Windows\system32\DRIVERS\ngfilter.sys
12:10:44.0221 2008 NgFilter - ok
12:10:44.0253 2008 [ 3608C65F0DB2FC2D73D859D1C192C575 ] NgLog C:\Windows\system32\DRIVERS\nglog.sys
12:10:44.0268 2008 NgLog - ok
12:10:44.0284 2008 [ 83D5BC84A9AB622170EEA134C2087121 ] NgVpn C:\Windows\system32\DRIVERS\ngvpn.sys
12:10:44.0315 2008 NgVpn - ok
12:10:44.0362 2008 [ 891FE6FE51A495502D272E3C34627F65 ] NgVpnMgr C:\Windows\system32\ngvpnmgr.exe
12:10:44.0424 2008 NgVpnMgr - ok
12:10:44.0455 2008 [ 833FEDDE4A87A744D9400F6CDA35737C ] NgWfp C:\Windows\system32\DRIVERS\ngwfp.sys
12:10:44.0487 2008 NgWfp - ok
12:10:44.0518 2008 [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc C:\Windows\System32\nlasvc.dll
12:10:44.0549 2008 NlaSvc - ok
12:10:44.0565 2008 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
12:10:44.0611 2008 Npfs - ok
12:10:44.0643 2008 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
12:10:44.0674 2008 nsi - ok
12:10:44.0674 2008 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
12:10:44.0705 2008 nsiproxy - ok
12:10:44.0767 2008 [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
12:10:44.0830 2008 Ntfs - ok
12:10:44.0861 2008 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
12:10:44.0923 2008 Null - ok
12:10:45.0079 2008 [ 8234151A1D602D3175DE4859E32D5289 ] NVIDIA Performance Driver Service C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
12:10:45.0173 2008 NVIDIA Performance Driver Service - ok
12:10:45.0501 2008 [ C06704827B883CF5A42912FD667B192F ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
12:10:45.0875 2008 nvlddmkm - ok
12:10:45.0937 2008 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
12:10:45.0953 2008 nvraid - ok
12:10:46.0000 2008 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
12:10:46.0031 2008 nvstor - ok
12:10:46.0062 2008 [ A479E0FEFD10DB33AC8EA93C01F80C54 ] nvsvc C:\Windows\system32\nvvsvc.exe
12:10:46.0109 2008 nvsvc - ok
12:10:46.0156 2008 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
12:10:46.0171 2008 nv_agp - ok
12:10:46.0203 2008 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
12:10:46.0234 2008 ohci1394 - ok
12:10:46.0312 2008 [ EC322186D8FCE3D632F3F597D67747DD ] OpenVPNService C:\Program Files\OpenVPN\bin\openvpnserv.exe
12:10:46.0359 2008 OpenVPNService ( UnsignedFile.Multi.Generic ) - warning
12:10:46.0359 2008 OpenVPNService - detected UnsignedFile.Multi.Generic (1)
12:10:46.0405 2008 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:10:46.0483 2008 ose - ok
12:10:46.0671 2008 [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
12:10:46.0764 2008 osppsvc - ok
12:10:46.0842 2008 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
12:10:46.0920 2008 p2pimsvc - ok
12:10:46.0951 2008 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
12:10:46.0998 2008 p2psvc - ok
12:10:47.0014 2008 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
12:10:47.0029 2008 Parport - ok
12:10:47.0061 2008 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys
12:10:47.0076 2008 partmgr - ok
12:10:47.0107 2008 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
12:10:47.0139 2008 Parvdm - ok
12:10:47.0170 2008 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
12:10:47.0201 2008 PcaSvc - ok
12:10:47.0201 2008 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
12:10:47.0232 2008 pci - ok
12:10:47.0248 2008 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
12:10:47.0279 2008 pciide - ok
12:10:47.0326 2008 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
12:10:47.0341 2008 pcmcia - ok
12:10:47.0357 2008 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
12:10:47.0388 2008 pcw - ok
12:10:47.0419 2008 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
12:10:47.0497 2008 PEAUTH - ok
12:10:47.0560 2008 [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
12:10:47.0653 2008 PeerDistSvc - ok
12:10:47.0731 2008 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
12:10:47.0841 2008 pla - ok
12:10:47.0887 2008 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
12:10:47.0919 2008 PlugPlay - ok
12:10:47.0934 2008 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
12:10:47.0965 2008 PNRPAutoReg - ok
12:10:47.0997 2008 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
12:10:48.0028 2008 PNRPsvc - ok
12:10:48.0059 2008 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
12:10:48.0121 2008 PolicyAgent - ok
12:10:48.0153 2008 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
12:10:48.0184 2008 Power - ok
12:10:48.0215 2008 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
12:10:48.0293 2008 PptpMiniport - ok
12:10:48.0309 2008 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
12:10:48.0340 2008 Processor - ok
12:10:48.0371 2008 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll
12:10:48.0402 2008 ProfSvc - ok
12:10:48.0418 2008 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
12:10:48.0433 2008 ProtectedStorage - ok
12:10:48.0465 2008 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
12:10:48.0496 2008 Psched - ok
12:10:48.0543 2008 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
12:10:48.0636 2008 ql2300 - ok
12:10:48.0667 2008 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
12:10:48.0699 2008 ql40xx - ok
12:10:48.0730 2008 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
12:10:48.0808 2008 QWAVE - ok
12:10:48.0839 2008 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
12:10:48.0870 2008 QWAVEdrv - ok
12:10:48.0886 2008 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
12:10:48.0933 2008 RasAcd - ok
12:10:48.0964 2008 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
12:10:48.0995 2008 RasAgileVpn - ok
12:10:49.0026 2008 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
12:10:49.0104 2008 RasAuto - ok
12:10:49.0120 2008 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
12:10:49.0167 2008 Rasl2tp - ok
12:10:49.0198 2008 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
12:10:49.0245 2008 RasMan - ok
12:10:49.0276 2008 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
12:10:49.0323 2008 RasPppoe - ok
12:10:49.0338 2008 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
12:10:49.0385 2008 RasSstp - ok
12:10:49.0416 2008 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
12:10:49.0463 2008 rdbss - ok
12:10:49.0479 2008 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
12:10:49.0510 2008 rdpbus - ok
12:10:49.0525 2008 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
12:10:49.0557 2008 RDPCDD - ok
12:10:49.0588 2008 [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
12:10:49.0619 2008 RDPDR - ok
12:10:49.0650 2008 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
12:10:49.0697 2008 RDPENCDD - ok
12:10:49.0713 2008 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
12:10:49.0759 2008 RDPREFMP - ok
12:10:49.0791 2008 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
12:10:49.0837 2008 RDPWD - ok
12:10:49.0884 2008 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
12:10:49.0915 2008 rdyboost - ok
12:10:49.0947 2008 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
12:10:49.0993 2008 RemoteAccess - ok
12:10:50.0040 2008 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
12:10:50.0103 2008 RemoteRegistry - ok
12:10:50.0134 2008 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
12:10:50.0181 2008 RpcEptMapper - ok
12:10:50.0212 2008 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
12:10:50.0259 2008 RpcLocator - ok
12:10:50.0290 2008 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll
12:10:50.0337 2008 RpcSs - ok
12:10:50.0368 2008 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
12:10:50.0446 2008 rspndr - ok
12:10:50.0477 2008 [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
12:10:50.0508 2008 s3cap - ok
12:10:50.0524 2008 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe
12:10:50.0539 2008 SamSs - ok
12:10:50.0571 2008 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
12:10:50.0602 2008 sbp2port - ok
12:10:50.0633 2008 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
12:10:50.0664 2008 SCardSvr - ok
12:10:50.0680 2008 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
12:10:50.0711 2008 scfilter - ok
12:10:50.0742 2008 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll
12:10:50.0820 2008 Schedule - ok
12:10:50.0836 2008 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll
12:10:50.0867 2008 SCPolicySvc - ok
12:10:50.0914 2008 [ 0328BE1C7F1CBA23848179F8762E391C ] sdbus C:\Windows\system32\drivers\sdbus.sys
12:10:50.0945 2008 sdbus - ok
12:10:50.0976 2008 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
12:10:50.0992 2008 SDRSVC - ok
12:10:51.0039 2008 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
12:10:51.0070 2008 secdrv - ok
12:10:51.0101 2008 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
12:10:51.0163 2008 seclogon - ok
12:10:51.0179 2008 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\system32\sens.dll
12:10:51.0210 2008 SENS - ok
12:10:51.0226 2008 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
12:10:51.0273 2008 SensrSvc - ok
12:10:51.0288 2008 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
12:10:51.0319 2008 Serenum - ok
12:10:51.0351 2008 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
12:10:51.0366 2008 Serial - ok
12:10:51.0397 2008 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
12:10:51.0429 2008 sermouse - ok
12:10:51.0460 2008 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll
12:10:51.0507 2008 SessionEnv - ok
12:10:51.0522 2008 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
12:10:51.0553 2008 sffdisk - ok
12:10:51.0569 2008 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
12:10:51.0600 2008 sffp_mmc - ok
12:10:51.0616 2008 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
12:10:51.0647 2008 sffp_sd - ok
12:10:51.0678 2008 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
12:10:51.0725 2008 sfloppy - ok
12:10:51.0756 2008 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
12:10:51.0803 2008 SharedAccess - ok
12:10:51.0834 2008 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
12:10:51.0897 2008 ShellHWDetection - ok
12:10:51.0959 2008 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys
12:10:51.0975 2008 sisagp - ok
12:10:52.0068 2008 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
12:10:52.0115 2008 SiSRaid2 - ok
12:10:52.0146 2008 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
12:10:52.0177 2008 SiSRaid4 - ok
12:10:52.0349 2008 [ 183F04C6742902F33039913A96F5B574 ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
12:10:52.0427 2008 Skype C2C Service - ok
12:10:52.0505 2008 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
12:10:52.0708 2008 SkypeUpdate - ok
12:10:52.0770 2008 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
12:10:52.0848 2008 Smb - ok
12:10:52.0942 2008 [ A58C1A086D9C09C6572C948F22CC0E94 ] SmcService C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
12:10:52.0989 2008 SmcService - ok
12:10:53.0020 2008 [ D2C222441255131E29DE351475F98F6D ] SNAC C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
12:10:53.0082 2008 SNAC - ok
12:10:53.0129 2008 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
12:10:53.0145 2008 SNMPTRAP - ok
12:10:53.0223 2008 [ E621BB5839CF45FA477F48092EDD2B40 ] SPBBCDrv C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
12:10:53.0269 2008 SPBBCDrv - ok
12:10:53.0269 2008 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
12:10:53.0285 2008 spldr - ok
12:10:53.0332 2008 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe
12:10:53.0379 2008 Spooler - ok
12:10:53.0503 2008 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe
12:10:53.0878 2008 sppsvc - ok
12:10:53.0925 2008 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
12:10:53.0971 2008 sppuinotify - ok
12:10:54.0003 2008 [ 2ABF82C8452AB0B9FFC74A2D5DA91989 ] SRTSP C:\Windows\system32\Drivers\SRTSP.SYS
12:10:54.0034 2008 SRTSP - ok
12:10:54.0065 2008 [ E2F9E5887BEA5BD8784D337E06EDA31B ] SRTSPL C:\Windows\system32\Drivers\SRTSPL.SYS
12:10:54.0096 2008 SRTSPL - ok
12:10:54.0112 2008 [ 3B974C158FABD910186F98DF8D3E23F3 ] SRTSPX C:\Windows\system32\Drivers\SRTSPX.SYS
12:10:54.0127 2008 SRTSPX - ok
12:10:54.0174 2008 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys
12:10:54.0190 2008 srv - ok
12:10:54.0221 2008 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
12:10:54.0268 2008 srv2 - ok
12:10:54.0283 2008 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
12:10:54.0315 2008 srvnet - ok
12:10:54.0346 2008 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
12:10:54.0393 2008 SSDPSRV - ok
12:10:54.0408 2008 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
12:10:54.0455 2008 SstpSvc - ok
12:10:54.0471 2008 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
12:10:54.0502 2008 stexstor - ok
12:10:54.0533 2008 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll
12:10:54.0564 2008 StiSvc - ok
12:10:54.0595 2008 [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
12:10:54.0611 2008 storflt - ok
12:10:54.0642 2008 [ 0BF669F0A910BEDA4A32258D363AF2A5 ] StorSvc C:\Windows\system32\storsvc.dll
12:10:54.0689 2008 StorSvc - ok
12:10:54.0720 2008 [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc C:\Windows\system32\drivers\storvsc.sys
12:10:54.0751 2008 storvsc - ok
12:10:54.0767 2008 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys
12:10:54.0783 2008 swenum - ok
12:10:54.0829 2008 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
12:10:54.0923 2008 swprv - ok
12:10:55.0017 2008 [ BA2FB8F8AB24D0279CAA98A4C118150E ] Symantec AntiVirus C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
12:10:55.0095 2008 Symantec AntiVirus - ok
12:10:55.0157 2008 [ A54FF04BD6E75DC4D8CB6F3E352635E0 ] SymEvent C:\Windows\system32\Drivers\SYMEVENT.SYS
12:10:55.0188 2008 SymEvent - ok
12:10:55.0219 2008 [ 394B2368212114D538316812AF60FDDD ] SYMREDRV C:\Windows\System32\Drivers\SYMREDRV.SYS
12:10:55.0297 2008 SYMREDRV - ok
12:10:55.0313 2008 [ D46676BB414C7531BDFFE637A33F5033 ] SYMTDI C:\Windows\System32\Drivers\SYMTDI.SYS
12:10:55.0329 2008 SYMTDI - ok
12:10:55.0391 2008 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll
12:10:55.0485 2008 SysMain - ok
12:10:55.0500 2008 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
12:10:55.0547 2008 TabletInputService - ok
12:10:55.0594 2008 [ 8CF6E2AE1707D82E904ECCA68CEF8B87 ] tap0901 C:\Windows\system32\DRIVERS\tap0901.sys
12:10:55.0641 2008 tap0901 - ok
12:10:55.0672 2008 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll
12:10:55.0719 2008 TapiSrv - ok
12:10:55.0750 2008 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
12:10:55.0781 2008 TBS - ok
12:10:55.0843 2008 [ E23A56F843E2AEBBB209D0ACCA73C640 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
12:10:55.0906 2008 Tcpip - ok
12:10:55.0968 2008 [ E23A56F843E2AEBBB209D0ACCA73C640 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
12:10:56.0015 2008 TCPIP6 - ok
12:10:56.0046 2008 [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
12:10:56.0093 2008 tcpipreg - ok
12:10:56.0124 2008 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
12:10:56.0171 2008 TDPIPE - ok
12:10:56.0187 2008 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
12:10:56.0218 2008 TDTCP - ok
12:10:56.0249 2008 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
12:10:56.0296 2008 tdx - ok
12:10:56.0311 2008 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys
12:10:56.0343 2008 TermDD - ok
12:10:56.0374 2008 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll
12:10:56.0452 2008 TermService - ok
12:10:56.0483 2008 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
12:10:56.0514 2008 Themes - ok
12:10:56.0545 2008 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
12:10:56.0577 2008 THREADORDER - ok
12:10:56.0592 2008 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
12:10:56.0639 2008 TrkWks - ok
12:10:56.0701 2008 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
12:10:56.0779 2008 TrustedInstaller - ok
12:10:56.0795 2008 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
12:10:56.0842 2008 tssecsrv - ok
12:10:56.0904 2008 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
12:10:56.0967 2008 TsUsbFlt - ok
12:10:57.0013 2008 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
12:10:57.0060 2008 tunnel - ok
12:10:57.0091 2008 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
12:10:57.0107 2008 uagp35 - ok
12:10:57.0138 2008 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys
12:10:57.0325 2008 udfs - ok
12:10:57.0372 2008 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
12:10:57.0419 2008 UI0Detect - ok
12:10:57.0450 2008 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
12:10:57.0481 2008 uliagpkx - ok
12:10:57.0513 2008 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\drivers\umbus.sys
12:10:57.0544 2008 umbus - ok
12:10:57.0575 2008 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
12:10:57.0606 2008 UmPass - ok
12:10:57.0637 2008 [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService C:\Windows\System32\umrdp.dll
12:10:57.0684 2008 UmRdpService - ok
12:10:57.0731 2008 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
12:10:57.0778 2008 upnphost - ok
12:10:57.0793 2008 upperdev - ok
12:10:57.0825 2008 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
12:10:57.0856 2008 usbccgp - ok
12:10:57.0871 2008 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys
12:10:57.0918 2008 usbcir - ok
12:10:57.0934 2008 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
12:10:57.0949 2008 usbehci - ok
12:10:57.0981 2008 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
12:10:57.0996 2008 usbhub - ok
12:10:58.0027 2008 [ A6FB7957EA7AFB1165991E54CE934B74 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
12:10:58.0059 2008 usbohci - ok
12:10:58.0074 2008 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
12:10:58.0105 2008 usbprint - ok
12:10:58.0137 2008 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:10:58.0168 2008 USBSTOR - ok
12:10:58.0199 2008 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
12:10:58.0215 2008 usbuhci - ok
12:10:58.0261 2008 [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
12:10:58.0293 2008 usbvideo - ok
12:10:58.0308 2008 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
12:10:58.0339 2008 UxSms - ok
12:10:58.0355 2008 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe
12:10:58.0386 2008 VaultSvc - ok
12:10:58.0402 2008 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
12:10:58.0417 2008 vdrvroot - ok
12:10:58.0449 2008 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe
12:10:58.0558 2008 vds - ok
12:10:58.0589 2008 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
12:10:58.0620 2008 vga - ok
12:10:58.0636 2008 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
12:10:58.0667 2008 VgaSave - ok
12:10:58.0698 2008 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
12:10:58.0729 2008 vhdmp - ok
12:10:58.0745 2008 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys
12:10:58.0776 2008 viaagp - ok
12:10:58.0807 2008 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys
12:10:58.0854 2008 ViaC7 - ok
12:10:58.0885 2008 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys
12:10:58.0917 2008 viaide - ok
12:10:58.0932 2008 [ C2F2911156FDC7817C52829C86DA494E ] vmbus C:\Windows\system32\drivers\vmbus.sys
12:10:58.0963 2008 vmbus - ok
12:10:58.0963 2008 [ D4D77455211E204F370D08F4963063CE ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
12:10:58.0995 2008 VMBusHID - ok
12:10:59.0010 2008 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys
12:10:59.0026 2008 volmgr - ok
12:10:59.0073 2008 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
12:10:59.0104 2008 volmgrx - ok
12:10:59.0135 2008 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys
12:10:59.0151 2008 volsnap - ok
12:10:59.0197 2008 [ B26536ADD1D748CDA104D856C979AE79 ] vpcbus C:\Windows\system32\DRIVERS\vpchbus.sys
12:10:59.0213 2008 vpcbus - ok
12:10:59.0229 2008 [ A0F7E923A6261760130F22B85DF9040E ] vpcnfltr C:\Windows\system32\DRIVERS\vpcnfltr.sys
12:10:59.0260 2008 vpcnfltr - ok
12:10:59.0291 2008 [ 5F4B55E91CE7E2523C9E1E0ECE858869 ] vpcusb C:\Windows\system32\DRIVERS\vpcusb.sys
12:10:59.0307 2008 vpcusb - ok
12:10:59.0338 2008 [ B487191FE18D6863381A1AC55482469A ] vpcvmm C:\Windows\system32\drivers\vpcvmm.sys
12:10:59.0369 2008 vpcvmm - ok
12:10:59.0385 2008 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
12:10:59.0416 2008 vsmraid - ok
12:10:59.0478 2008 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe
12:10:59.0603 2008 VSS - ok
12:10:59.0650 2008 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
12:10:59.0697 2008 vwifibus - ok
12:10:59.0728 2008 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll
12:10:59.0790 2008 W32Time - ok
12:10:59.0806 2008 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
12:10:59.0821 2008 WacomPen - ok
12:10:59.0868 2008 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
12:10:59.0899 2008 WANARP - ok
12:10:59.0899 2008 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
12:10:59.0931 2008 Wanarpv6 - ok
12:11:00.0024 2008 [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
12:11:00.0118 2008 WatAdminSvc - ok
12:11:00.0165 2008 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe
12:11:00.0274 2008 wbengine - ok
12:11:00.0305 2008 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
12:11:00.0367 2008 WbioSrvc - ok
12:11:00.0414 2008 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll
12:11:00.0477 2008 wcncsvc - ok
12:11:00.0508 2008 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
12:11:00.0539 2008 WcsPlugInService - ok
12:11:00.0570 2008 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys
12:11:00.0601 2008 Wd - ok
12:11:00.0633 2008 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
12:11:00.0664 2008 Wdf01000 - ok
12:11:00.0679 2008 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll
12:11:00.0711 2008 WdiServiceHost - ok
12:11:00.0726 2008 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll
12:11:00.0742 2008 WdiSystemHost - ok
12:11:00.0773 2008 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll
12:11:00.0820 2008 WebClient - ok
12:11:00.0851 2008 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll
12:11:00.0882 2008 Wecsvc - ok
12:11:00.0913 2008 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll
12:11:00.0960 2008 wercplsupport - ok
12:11:01.0007 2008 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll
12:11:01.0054 2008 WerSvc - ok
12:11:01.0101 2008 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
12:11:01.0147 2008 WfpLwf - ok
12:11:01.0163 2008 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys
12:11:01.0194 2008 WIMMount - ok
12:11:01.0241 2008 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
12:11:01.0288 2008 WinDefend - ok
12:11:01.0303 2008 WinHttpAutoProxySvc - ok
12:11:01.0366 2008 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
12:11:01.0444 2008 Winmgmt - ok
12:11:01.0491 2008 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll
12:11:01.0569 2008 WinRM - ok
12:11:01.0615 2008 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
12:11:01.0647 2008 WinUsb - ok
12:11:01.0709 2008 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
12:11:01.0787 2008 Wlansvc - ok
12:11:01.0818 2008 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
12:11:01.0849 2008 WmiAcpi - ok
12:11:01.0881 2008 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
12:11:01.0959 2008 wmiApSrv - ok
12:11:02.0052 2008 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
12:11:02.0130 2008 WMPNetworkSvc - ok
12:11:02.0161 2008 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll
12:11:02.0208 2008 WPCSvc - ok
12:11:02.0224 2008 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
12:11:02.0271 2008 WPDBusEnum - ok
12:11:02.0442 2008 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
12:11:02.0505 2008 ws2ifsl - ok
12:11:02.0551 2008 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\system32\wscsvc.dll
12:11:02.0583 2008 wscsvc - ok
12:11:02.0583 2008 WSearch - ok
12:11:02.0676 2008 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
12:11:02.0785 2008 wuauserv - ok
12:11:02.0832 2008 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
12:11:02.0848 2008 WudfPf - ok
12:11:02.0863 2008 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
12:11:02.0895 2008 WUDFRd - ok
12:11:02.0910 2008 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
12:11:02.0941 2008 wudfsvc - ok
12:11:02.0973 2008 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll
12:11:03.0004 2008 WwanSvc - ok
12:11:03.0051 2008 [ 46686FE8915BD8B2FEB3A876E367010C ] ZTEusbmdm6k C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys
12:11:03.0066 2008 ZTEusbmdm6k - ok
12:11:03.0097 2008 [ 46686FE8915BD8B2FEB3A876E367010C ] ZTEusbnmea C:\Windows\system32\DRIVERS\ZTEusbnmea.sys
12:11:03.0129 2008 ZTEusbnmea - ok
12:11:03.0144 2008 [ 46686FE8915BD8B2FEB3A876E367010C ] ZTEusbser6k C:\Windows\system32\DRIVERS\ZTEusbser6k.sys
12:11:03.0175 2008 ZTEusbser6k - ok
12:11:03.0207 2008 ================ Scan global ===============================
12:11:03.0238 2008 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
12:11:03.0285 2008 [ D70FE45855CAD4C0C6B1C1426ABDEBA9 ] C:\Windows\system32\winsrv.dll
12:11:03.0300 2008 [ D70FE45855CAD4C0C6B1C1426ABDEBA9 ] C:\Windows\system32\winsrv.dll
12:11:03.0331 2008 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
12:11:03.0363 2008 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
12:11:03.0378 2008 [Global] - ok
12:11:03.0378 2008 ================ Scan MBR ==================================
12:11:03.0378 2008 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
12:11:03.0799 2008 \Device\Harddisk0\DR0 - ok
12:11:03.0815 2008 ================ Scan VBR ==================================
12:11:03.0815 2008 [ A3156DB3D734CD888D0B2C434CB6640F ] \Device\Harddisk0\DR0\Partition1
12:11:03.0815 2008 \Device\Harddisk0\DR0\Partition1 - ok
12:11:03.0815 2008 ============================================================
12:11:03.0815 2008 Scan finished
12:11:03.0815 2008 ============================================================
12:11:03.0893 3464 Detected object count: 3
12:11:03.0893 3464 Actual detected object count: 3
12:12:20.0162 3464 CVPNDRVA ( UnsignedFile.Multi.Generic ) - skipped by user
12:12:20.0162 3464 CVPNDRVA ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:12:20.0162 3464 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
12:12:20.0162 3464 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:12:20.0177 3464 OpenVPNService ( UnsignedFile.Multi.Generic ) - skipped by user
12:12:20.0177 3464 OpenVPNService ( UnsignedFile.Multi.Generic ) - User select action: Skip

VIRY.CZ

Trojan.Gen.2

Trojan.Gen.2

Re: Trojan.Gen.2

Re: Trojan.Gen.2

Re: Trojan.Gen.2

Re: Trojan.Gen.2

Re: Trojan.Gen.2

Re: Trojan.Gen.2

Re: Trojan.Gen.2

Re: Trojan.Gen.2

Re: Trojan.Gen.2

Re: Trojan.Gen.2

Re: Trojan.Gen.2

Re: Trojan.Gen.2

Re: Trojan.Gen.2

Re: Trojan.Gen.2